safefinder

[Smidla]

Zdravim,
mozila ma porat problem se safefinder.com prosim o kontrolu logu. kdyz uz se zda ze to nejaky soft odstranil, vrati se po chvili zpet. Nevidim ho ani v modulech, neni videt v PC. DIky.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-08-2016
Ran by Smidla (administrator) on SMIDLA-PC (04-08-2016 01:23:54)
Running from C:\Users\Smidla\Desktop
Loaded Profiles: Smidla (Available Profiles: Smidla)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AutoKMS] => C:\Windows\AutoKMS.exe [615936 2014-12-20] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-04-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [5321448 2016-04-09] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [5560040 2016-04-09] (Crawler Group, LLC)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: J - J:\Autorun.exe
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: K - K:\autoplay.exe
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: L - L:\Autorun.exe
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: {5644f56e-dbb0-11e4-9ddb-001fd0967936} - K:\autoplay.exe
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: {5644f575-dbb0-11e4-9ddb-001fd0967936} - L:\Autorun.exe
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: {5bbef813-4d02-11e6-834c-001fd0967936} - E:\Autoplay.exe
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\MountPoints2: {b2e5a122-1211-11e6-8ec3-001fd0967936} - F:\Setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1768121611-4049446793-1409843139-1000] => hxxp://stoppblock.net/wpad.dat?1f09da67743d88d12d4476f11e8d690113644287
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CD86601D-1924-4AFF-A4E6-02E6478634CE}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://stoppblock.net/wpad.dat?1f09da67743d88d12d4476f11e8d690113644287

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2015-07-27] (Crawler Group, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll [2015-07-27] (Crawler Group, LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Smidla\AppData\Roaming\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-13] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2520928 2016-03-03] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-05] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-05] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-05] (NVIDIA Corporation)
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3269864 2016-04-09] (Crawler Group, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-01-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-06] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-04-14] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2016-04-14] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2016-04-14] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [198096 2016-04-14] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53384 2016-04-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-04-14] (ESET)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-03-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [60416 2014-01-07] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-04 01:23 - 2016-08-04 01:24 - 00012279 _____ C:\Users\Smidla\Desktop\FRST.txt
2016-08-04 01:23 - 2016-08-04 01:23 - 00000000 ____D C:\FRST
2016-08-04 01:22 - 2016-08-04 01:19 - 02393600 _____ (Farbar) C:\Users\Smidla\Desktop\FRST64.exe
2016-08-04 00:59 - 2016-08-04 00:59 - 00242312 _____ C:\Users\Smidla\Downloads\Firefox Setup Stub 48.0.exe
2016-08-04 00:44 - 2016-08-04 00:51 - 00000000 ____D C:\ProgramData\Spyware Terminator
2016-08-04 00:44 - 2016-08-04 00:51 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2016-08-04 00:44 - 2016-08-04 00:44 - 00001042 _____ C:\Users\Public\Desktop\Spyware Terminator 2015.lnk
2016-08-04 00:44 - 2016-08-04 00:44 - 00000000 ____D C:\Users\Smidla\AppData\Roaming\Spyware Terminator
2016-08-04 00:44 - 2016-08-04 00:44 - 00000000 ____D C:\Users\Smidla\AppData\LocalLow\Spyware Terminator
2016-08-04 00:44 - 2016-08-04 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
2016-08-04 00:14 - 2016-08-04 00:42 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-08-04 00:14 - 2016-08-04 00:36 - 00000000 ____D C:\Users\Smidla\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-08-04 00:12 - 2016-08-04 00:12 - 00582416 _____ (Plumbytes Software) C:\Users\Smidla\Downloads\antimalwaresetup.exe
2016-08-04 00:08 - 2016-08-04 00:43 - 00000000 ____D C:\Program Files\Reimage
2016-08-04 00:07 - 2016-08-04 00:09 - 00000150 _____ C:\Windows\Reimage.ini
2016-08-04 00:06 - 2016-08-04 00:07 - 00603824 _____ (Reimage) C:\Users\Smidla\Downloads\ReimageRepair.exe
2016-08-04 00:02 - 2016-08-04 01:01 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-04 00:02 - 2016-08-04 01:01 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-04 00:02 - 2016-08-04 01:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-03 23:46 - 2016-08-03 23:46 - 00001889 _____ C:\Users\Smidla\Desktop\CCleaner.lnk
2016-08-03 23:46 - 2016-08-03 23:46 - 00000000 ____D C:\Program Files (x86)\CCleaner
2016-08-02 02:24 - 2016-08-02 02:24 - 00001907 _____ C:\Users\Public\Desktop\SrpnFiles.lnk
2016-08-02 02:24 - 2016-08-02 02:24 - 00000000 ____D C:\Users\Smidla\AppData\Roaming\SpringFiles
2016-08-02 02:24 - 2016-08-02 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
2016-08-02 01:46 - 2016-08-02 01:47 - 10358961 _____ C:\Users\Smidla\Downloads\patch 2013.3.rar.part
2016-08-02 01:17 - 2016-08-02 01:17 - 00002004 _____ C:\Users\Public\Desktop\Cars CDP+.lnk
2016-08-02 01:17 - 2016-08-02 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autocom
2016-08-02 01:16 - 2016-08-02 01:16 - 00000000 ____D C:\Program Files (x86)\Autocom
2016-08-02 00:36 - 2016-08-02 00:36 - 00000000 ____D C:\ProgramData\Autocom
2016-08-02 00:35 - 2016-08-02 00:35 - 00000000 ____D C:\Users\Smidla\AppData\Roaming\Autocom
2016-08-02 00:32 - 2016-08-02 00:32 - 15018891 _____ C:\Users\Smidla\Downloads\patch installation.zip
2016-08-02 00:03 - 2016-08-02 00:03 - 00000000 ____D C:\Users\Smidla\AppData\Roaming\Delphi
2016-08-02 00:03 - 2016-08-02 00:03 - 00000000 ____D C:\ProgramData\Delphi
2016-08-02 00:03 - 2016-08-02 00:03 - 00000000 ____D C:\ProgramData\Common Diagnostics
2016-08-01 23:49 - 2016-08-01 23:50 - 00000000 ____D C:\VCDS
2016-08-01 23:49 - 2016-08-01 23:49 - 00000562 _____ C:\Users\Public\Desktop\VCDS.lnk
2016-08-01 23:49 - 2016-08-01 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS
2016-08-01 23:33 - 2016-08-01 23:33 - 00000534 _____ C:\Users\Smidla\Desktop\VAG Info System 1.5.lnk
2016-08-01 23:33 - 2016-08-01 23:33 - 00000000 ____D C:\VIS
2016-08-01 23:33 - 2016-08-01 23:33 - 00000000 ____D C:\Users\Smidla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VAG Info System
2016-08-01 23:33 - 2016-08-01 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAG Info System
2016-08-01 23:05 - 2016-08-01 23:05 - 00001081 _____ C:\Users\Smidla\Desktop\Auto-diagnostika – zástupce.lnk
2016-08-01 23:04 - 2016-08-01 23:04 - 00000000 ____D C:\Program Files\DIFX
2016-07-31 20:29 - 2016-07-31 20:30 - 08452748 _____ C:\Users\Smidla\Downloads\Internet-Download-Manager-Full-Version-6.25-build-24-+-Crack.rar
2016-07-31 20:21 - 2016-07-31 20:22 - 20478366 _____ C:\Users\Smidla\Downloads\VAG-COM-IHR-304-funkční_cz.rar
2016-07-31 20:08 - 2016-07-31 20:11 - 00000000 ____D C:\Auto-diagnostika
2016-07-31 20:08 - 2016-07-31 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto-diagnostika
2016-07-31 20:06 - 2016-07-31 20:06 - 25878008 _____ (Ross-Tech, LLC) C:\Users\Smidla\Downloads\VCDS_CZ.exe
2016-07-26 00:54 - 2016-07-26 00:54 - 00000000 ____D C:\Windows\EOONotify
2016-07-25 20:06 - 2016-08-01 02:47 - 00000000 ____D C:\Users\Smidla\Documents\OpenTTD
2016-07-25 17:58 - 2016-07-25 17:58 - 00001273 _____ C:\Users\Smidla\Desktop\TTD.lnk
2016-07-14 17:28 - 2016-06-11 06:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 17:28 - 2016-06-10 23:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 17:28 - 2016-06-10 23:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 17:28 - 2016-06-10 23:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 17:28 - 2016-06-10 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 17:28 - 2016-06-10 22:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 17:28 - 2016-06-10 22:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 17:28 - 2016-06-10 20:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 17:28 - 2016-06-10 20:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 17:28 - 2016-06-10 20:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 17:28 - 2016-06-10 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 17:28 - 2016-06-10 20:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 17:28 - 2016-06-10 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 17:28 - 2016-06-10 20:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 17:28 - 2016-06-10 20:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 17:28 - 2016-06-10 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 17:28 - 2016-06-10 20:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 17:28 - 2016-06-10 20:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 17:28 - 2016-06-10 19:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 17:27 - 2016-06-11 08:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 17:27 - 2016-06-10 23:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 17:27 - 2016-06-10 23:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 17:27 - 2016-06-10 23:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 17:27 - 2016-06-10 23:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 17:27 - 2016-06-10 23:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 17:27 - 2016-06-10 23:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 17:27 - 2016-06-10 23:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 17:27 - 2016-06-10 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 17:27 - 2016-06-10 23:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 17:27 - 2016-06-10 23:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 17:27 - 2016-06-10 23:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 17:27 - 2016-06-10 23:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 17:27 - 2016-06-10 23:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 17:27 - 2016-06-10 22:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 17:27 - 2016-06-10 22:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 17:27 - 2016-06-10 22:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 17:27 - 2016-06-10 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 17:27 - 2016-06-10 22:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 17:27 - 2016-06-10 22:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 17:27 - 2016-06-10 22:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 17:27 - 2016-06-10 22:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 17:27 - 2016-06-10 22:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 17:27 - 2016-06-10 22:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 17:27 - 2016-06-10 22:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 17:27 - 2016-06-10 21:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 17:27 - 2016-06-10 21:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 17:27 - 2016-06-10 21:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 17:27 - 2016-06-10 21:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 17:27 - 2016-06-10 21:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 17:27 - 2016-06-10 20:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 17:27 - 2016-06-10 20:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 17:27 - 2016-06-10 20:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 17:27 - 2016-06-10 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 17:27 - 2016-06-10 20:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 17:27 - 2016-06-10 20:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 17:27 - 2016-06-10 20:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 17:27 - 2016-06-10 20:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 17:27 - 2016-06-10 20:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 17:27 - 2016-06-10 20:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 17:27 - 2016-06-10 20:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 17:27 - 2016-06-10 20:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 17:27 - 2016-06-10 20:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 17:27 - 2016-06-10 20:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 17:27 - 2016-06-10 19:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 17:27 - 2016-06-10 19:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 17:27 - 2016-06-10 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 17:26 - 2016-06-26 02:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 17:26 - 2016-06-26 02:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 17:26 - 2016-06-26 02:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 17:26 - 2016-06-26 02:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 17:26 - 2016-06-26 02:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 17:26 - 2016-06-26 02:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 17:26 - 2016-06-26 02:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 17:26 - 2016-06-25 21:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 17:26 - 2016-06-25 21:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 17:26 - 2016-06-25 21:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 17:26 - 2016-06-25 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 17:26 - 2016-06-25 21:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 17:26 - 2016-06-22 15:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 17:26 - 2016-06-17 20:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 17:26 - 2016-06-17 20:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 17:26 - 2016-06-17 20:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 17:26 - 2016-06-17 20:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 17:26 - 2016-06-17 20:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 17:26 - 2016-06-17 20:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 17:26 - 2016-06-14 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-13 14:58 - 2016-07-13 14:58 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-04 01:22 - 2016-02-28 20:32 - 00000000 ____D C:\Install
2016-08-04 01:01 - 2014-12-12 03:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-04 00:58 - 2014-12-13 00:28 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-04 00:56 - 2009-07-14 06:45 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-04 00:56 - 2009-07-14 06:45 - 00026144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-04 00:00 - 2015-10-07 20:09 - 00000253 _____ C:\Windows\KA.ini
2016-08-04 00:00 - 2015-10-07 20:09 - 00000000 ____D C:\ProgramData\Vivendi Universal Games
2016-08-04 00:00 - 2015-10-07 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barbie(TM)
2016-08-04 00:00 - 2015-05-17 11:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-03 23:46 - 2011-04-12 10:34 - 00668866 _____ C:\Windows\system32\perfh005.dat
2016-08-03 23:46 - 2011-04-12 10:34 - 00141526 _____ C:\Windows\system32\perfc005.dat
2016-08-03 23:46 - 2009-07-14 07:13 - 01584554 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-03 23:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-08-03 22:54 - 2014-12-12 02:52 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-03 22:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-02 12:54 - 2016-01-26 19:47 - 00000000 ____D C:\Filmy
2016-08-02 12:42 - 2014-12-12 03:03 - 00000000 ____D C:\Games
2016-08-02 10:59 - 2016-04-15 19:51 - 00000000 ____D C:\Users\Smidla\AppData\Local\CrashDumps
2016-08-02 02:23 - 2014-12-12 02:02 - 00001607 _____ C:\Users\Smidla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-02 00:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-01 23:54 - 2014-12-30 23:52 - 00000000 ____D C:\Users\Smidla\AppData\Roaming\vlc
2016-07-31 20:25 - 2014-12-12 02:01 - 00000000 ____D C:\Users\Smidla\AppData\Local\VirtualStore
2016-07-26 14:24 - 2010-11-21 05:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-26 00:54 - 2015-04-06 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-26 00:54 - 2015-04-06 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-18 19:50 - 2015-11-08 17:09 - 00001511 _____ C:\Windows\disney.ini
2016-07-16 14:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-07-16 12:05 - 2009-07-14 06:45 - 00411312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-16 12:04 - 2014-12-12 23:57 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-16 12:04 - 2011-04-12 10:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-15 02:05 - 2014-12-15 21:46 - 00000000 ____D C:\Windows\system32\MRT
2016-07-15 02:01 - 2014-12-15 21:46 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-13 14:58 - 2014-12-13 00:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-13 14:58 - 2014-12-13 00:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-13 14:58 - 2014-12-13 00:28 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-13 14:58 - 2014-12-13 00:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-13 14:58 - 2014-12-13 00:28 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 11:30 - 2014-12-23 21:21 - 00000000 ____D C:\Users\Smidla\Documents\Soubory aplikace Outlook

==================== Files in the root of some directories =======

2014-12-31 20:28 - 2014-12-31 20:28 - 0099384 _____ () C:\Users\Smidla\AppData\Roaming\inst.exe
2014-12-31 20:28 - 2014-12-31 20:28 - 0007859 _____ () C:\Users\Smidla\AppData\Roaming\pcouffin.cat
2014-12-31 20:28 - 2014-12-31 20:28 - 0001167 _____ () C:\Users\Smidla\AppData\Roaming\pcouffin.inf
2014-12-31 20:28 - 2014-12-31 20:28 - 0000034 _____ () C:\Users\Smidla\AppData\Roaming\pcouffin.log
2014-12-31 20:28 - 2014-12-31 20:28 - 0082816 _____ (VSO Software) C:\Users\Smidla\AppData\Roaming\pcouffin.sys

Some files in TEMP:
====================
C:\Users\Smidla\AppData\Local\Temp\m0qXoXKXkD.exe
C:\Users\Smidla\AppData\Local\Temp\p7KBVpslPl.exe
C:\Users\Smidla\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Smidla\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe
[2014-12-12 06:15] - [2011-01-16 02:01] - 0389632 ____A (Microsoft Corporation) 81257415084B84F3C0D95C381A8D4C8F

C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2015-12-16 20:28] - [2011-01-16 02:01] - 1008640 ____A (Microsoft Corporation) 0B864E15A0BADFF0E7BB8B59009FDDCF

C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-27 18:39

==================== End of FRST.txt ============================

[Smidla]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-08-2016
Ran by Smidla (2016-08-04 01:24:36)
Running from C:\Users\Smidla\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2014-12-12 00:01:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1768121611-4049446793-1409843139-500 - Administrator - Disabled)
Guest (S-1-5-21-1768121611-4049446793-1409843139-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1768121611-4049446793-1409843139-1003 - Limited - Enabled)
Smidla (S-1-5-21-1768121611-4049446793-1409843139-1000 - Administrator - Enabled) => C:\Users\Smidla

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.376.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.376.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 8 - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-A80000000000}) (Version: 8.0.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
AIDA64 Extreme v4.20 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.20 - FinalWire Ltd.)
Aktualizace NVIDIA 2.11.2.66 (Version: 2.11.2.66 - NVIDIA Corporation) Hidden
Autocom Cars CDP+ (HKLM-x32\...\Autocom Cars CDP+) (Version: - )
Auto-diagnostika VAG-COM (VCDS) . (HKLM-x32\...\Auto-diagnostika VAG-COM (VCDS)) (Version: . - AutoComSoft)
Balíček ovladače systému Windows - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Barbie(TM) Dobrodružství s koňmi(TM) (HKLM-x32\...\{F827DB7E-9F8F-46BA-9F22-46CE2CEE1D7E}) (Version: 1.00.0000 - )
Barbie(TM) Salon krásy CD-ROM (HKLM-x32\...\InstallShield_{C5F0FD86-1E2B-4FE3-8996-B976FCA2E64F}) (Version: 1.00.000 - Název společnosti:)
Barbie(TM) Salon krásy CD-ROM (x32 Version: 1.00.000 - Název společnosti:) Hidden
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version: - )
CCleaner (remove only) (HKLM-x32\...\CCleaner) (Version: - Piriform)
Civilization: Call To Power (HKLM-x32\...\Activision_CivCTPUninstallKey) (Version: - )
Čestina do SimCity 4 Rush Hour a Delux BETA (HKLM-x32\...\Čestina do SimCity 4 Rush Hour a Delux BETA) (Version: 1.00 - Max_2_Max)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Disney Popelka (HKLM-x32\...\{2048F008-BDCD-485E-B552-B60E15BDC668}) (Version: 1.0 - Disney Interactive)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
DVDFab 6.2.0.5 (11/11/2009) (HKLM-x32\...\DVDFab 6_is1) (Version: - Fengtao Software Inc.)
DVDFab 9.1.2.5 (22/01/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.)
ESET Smart Security (HKLM\...\{B7DE9695-00B8-4935-97B5-A2CBFBA6A3F8}) (Version: 9.0.376.1 - ESET, spol. s r.o.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
Mozilla Firefox 48.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 cs)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{316d31f7-1c60-4de3-bf09-d0416fb452b5}) (Version: - Nero AG)
NVIDIA GeForce Experience 2.11.2.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.66 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Ovládací panel NVIDIA 364.72 (Version: 364.72 - NVIDIA Corporation) Hidden
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: - Jan Fiala)
Rayman 2 (HKLM-x32\...\Rayman 2_is1) (Version: - GOG.com)
Rayman 2: The Great Escape GOG Edition (HKLM\...\{0e82bf4c-b906-4635-a97e-6a9740686b33}.sdb) (Version: - )
Rayman Legends CZ (HKLM\...\{AFEC7CAB-BA90-4388-91C8-A8CB2F81205D}) (Version: 1.0 - Majkumi)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.66 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version: - Firaxis Games)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spyware Terminator 2015 (HKLM-x32\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.102 - Crawler Group)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.615 - Electronic Arts)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VAG Info System (HKLM-x32\...\{64D24CA4-3E42-460A-B4C7-FB7A1CE1C629}) (Version: - B.J.SERVIS)
VCDS verze 10.6.4 (HKLM-x32\...\{51970586-34F9-4EF8-A15C-67EB0EC609DA}_is1) (Version: 10.6.4 - Ross-Tech, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
Zoo Tycoon 2 (HKLM-x32\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)
Zoo Tycoon Čeština 1.05 (HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\...\Zoo Tycoon Čeština 1.05) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B14549C-8936-4A2A-8CA2-02DBE5C23AAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {1BA92814-9465-4BE7-BDE5-390051DC97CB} - System32\Tasks\{A6881C33-7F32-43F8-8563-F02A6CBDB28C} => pcalua.exe -a "C:\Games\RC simulator\fms2alpha81.exe" -d "C:\Games\RC simulator"
Task: {3F34AE39-3424-4DD9-98EA-CC98CFEF650F} - System32\Tasks\{40E596EE-D811-4763-B285-546B852E9B0E} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {47AEAAAB-14C5-4336-A7BC-1EAEC08BE862} - System32\Tasks\{68579852-CA78-480E-9D0C-333FCAE0EE7E} => pcalua.exe -a C:\Games\CtP\cctp1_2_us.exe -d C:\Games\CtP
Task: {F12533EC-7D4C-4F9D-97DB-DDE92598B851} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\WatTask => C:\Windows Activation Technologies\wat.exe [2006-04-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Smidla\AppData\Local\Microsoft\Windows\GameExplorer\{C047511B-F0C2-4F65-87C8-3BF82A6A1968}\SupportTasks\0\Podpora.lnk -> hxxp://techsupport.ea.com/
Shortcut: C:\Users\Smidla\AppData\Local\Microsoft\Windows\GameExplorer\{7192F535-F48E-497A-9EA8-A7597E6D12FC}\SupportTasks\0\Podpora.lnk -> hxxp://techsupport.ea.com/

ShortcutWithArgument: C:\Users\Smidla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1470097422&a=1003081&src=sh&uuid=f310588f-f8d7-45a1-b115-4a6f19f1884f"
ShortcutWithArgument: C:\Users\Smidla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1470097422&a=1003081&src=sh&uuid=f310588f-f8d7-45a1-b115-4a6f19f1884f"
ShortcutWithArgument: C:\Users\Smidla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1470097422&a=1003081&src=sh&uuid=f310588f-f8d7-45a1-b115-4a6f19f1884f"

==================== Loaded Modules (Whitelisted) ==============

2014-12-12 02:51 - 2016-03-22 04:25 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-14 20:03 - 2016-04-05 10:04 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-14 20:03 - 2016-04-05 10:03 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-14 20:03 - 2016-04-05 10:04 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-14 20:03 - 2016-04-05 10:04 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-14 20:03 - 2016-04-05 10:04 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-14 20:03 - 2016-04-05 10:04 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-14 20:03 - 2016-04-05 10:04 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-14 20:03 - 2016-04-05 10:04 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-04-14 20:03 - 2016-04-05 10:03 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-14 20:03 - 2016-04-05 10:03 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-04-14 20:03 - 2016-04-05 10:11 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\Software\Classes\.exe: => <===== ATTENTION
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\Software\Classes\.bat: => <===== ATTENTION
HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\Software\Classes\.reg: => <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1768121611-4049446793-1409843139-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Smidla\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B6CAE7D2-7264-48BD-B971-D266C2DBA268}] => (Allow) LPort=80
FirewallRules: [{BEEA31D4-0776-4A0F-923D-AFFBF3D55D14}] => (Allow) LPort=443
FirewallRules: [{8DDB04D6-C405-4310-8D74-00BBA31EA1D1}] => (Allow) LPort=20010
FirewallRules: [{CF1AE111-F775-42DA-90E2-B328B9AFC4B1}] => (Allow) LPort=3478
FirewallRules: [{72A00804-AB94-4B2D-BC16-8D9713E18229}] => (Allow) LPort=7850
FirewallRules: [{4778074F-62E6-4A85-A629-12B65563DFB5}] => (Allow) LPort=7852
FirewallRules: [{14E40F49-4D03-4EEC-BB8E-C1B5AD73A3A3}] => (Allow) LPort=7853
FirewallRules: [{9EA0D587-52E2-4780-983F-A656FF4C77D5}] => (Allow) LPort=27022
FirewallRules: [{BD2EBF0E-787E-4BC0-86F1-49A8B46F955F}] => (Allow) LPort=6881
FirewallRules: [{C2DF2E4D-4C6B-4689-A59A-5B4FEC8150EC}] => (Allow) LPort=33333
FirewallRules: [{53CDA518-0D4F-4D68-A4D4-7A3E52EDEE39}] => (Allow) LPort=20443
FirewallRules: [{F50C3FA8-6EB4-4B87-B236-B760F155A3F5}] => (Allow) LPort=8090
FirewallRules: [{A80D90E3-7EAD-4410-AE9F-B6B8D0EC0EA9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{12CF195C-510D-432A-844C-A711EDBB4317}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7DEA3477-AAA4-43CE-8858-29041086A845}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A48FBD80-6A68-44F3-8D2E-D03DEA33CD42}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{736FF2B1-065E-4FBE-9A6F-FF2BB08C4A6C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7CBB34AA-DA1B-4C78-A8C8-27FA60FAB136}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{25365B56-C412-4E08-B152-A0C8DC2A83A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5F40F5FA-FBB5-4A6B-855B-17C23E9568FA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0E56EBB6-ED73-4BB8-BB9D-CFCF47CFCE23}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B1FA0A07-9713-41FD-921E-846729893201}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{BD769D86-55E8-49BC-9B12-F3823FB98CF5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{FD76E3E6-07DD-4FD1-BD9B-31ECB5846009}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{6CC066B6-8991-499D-B8FF-3667B1934183}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe
FirewallRules: [{11EC8BB0-459D-4996-B5AD-152858D355AB}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{0FF7CEDF-9217-497A-BBA3-A0F215BC5105}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe
FirewallRules: [{ABFD3DA8-AD48-4B3A-A4F2-0389D962CDD9}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{E67DEF9A-43BD-44E8-B098-2BC70FF380E3}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{3A0B478F-2943-4A42-83BC-22E28A1E2558}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{DB07C489-1ED5-47C7-8B88-47BA96E2EC8D}] => (Allow) C:\Program Files (x86)\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe
FirewallRules: [{33AEEFA2-033D-4A4F-8D29-48DB7D1F15BC}] => (Allow) C:\Program Files (x86)\Farming Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{DB9733BA-A4F7-4998-864B-7991CFBE3927}] => (Allow) C:\Program Files (x86)\Farming Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{878296A8-F076-4159-9351-076276DE15A3}] => (Allow) C:\Program Files (x86)\Farming Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{D7D37095-F8C7-48F6-88A3-65F4046ECB57}] => (Allow) C:\Program Files (x86)\Farming Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{8C16C28C-7354-45CD-9684-AC916436B414}] => (Allow) C:\Program Files (x86)\Farming Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{BADF7E45-D7C4-4B81-A35B-8A8CCAD35651}] => (Allow) C:\Program Files (x86)\Farming Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{AE64BDB7-2915-4259-936B-588F02C23228}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{95532AB7-4734-4DDF-BC67-7015A5C8200A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{F17DC28A-5413-4D5B-8A96-C5A753ECD8BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B1BE8929-D9AD-4E27-AD79-B1361CF3B36E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33A1D176-381D-4078-8B3C-534DD6AF2269}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{071A33BA-D268-4F37-974D-0B7A0B02C728}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{C5A82B94-7BD6-4F38-A508-D0E1BEE2664B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4BAC0D4C-07DE-491B-AF2F-324E7B1237C8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B884AB6C-E57A-4696-8DE2-27E2CD8D3C88}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{0974FBE9-EC6C-4E47-8D3A-31CEF35EB63A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B2459683-2011-405D-8CD5-F1A21F7B5042}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D04586FB-CE48-4A6C-8878-30D2455D54F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{88D8247A-044C-4B30-B13D-1C579E357CAC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8ACFF7A0-D70B-4742-8753-943CF6BA6B45}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe
FirewallRules: [{9CD1E6B5-C4F4-4F17-A446-2D2FB0EE6A14}] => (Allow) C:\Program Files (x86)\Microsoft Games\Zoo Tycoon 2\zt.exe
FirewallRules: [{4899E577-2975-4113-89EB-5074A6016701}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{0CAA8074-5034-472C-ACE4-7BC3B43E0FFC}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{C7A7A3A8-74C5-4D21-9C2D-EC6DE42FFE4E}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{FD6E64A6-5518-4777-8F32-BC505D3FBDB2}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{888B79A8-9BB4-4881-87FC-3216531746C4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6CFD00CC-6AA7-4279-B1E8-1CA85BE031D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{684A46A9-D6AB-40B4-807F-C7145C05939C}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{BB4286FB-6525-4B33-9D91-F99A83BCDB65}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
FirewallRules: [{FC5BFAE5-1EE3-4244-9264-1521F83F1037}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
FirewallRules: [{4A88374D-3E24-4367-8052-190F6F79E8C8}] => (Allow) C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe

==================== Restore Points =========================

01-08-2016 23:04:24 Instalace balíčku ovladače zařízení: Ross-Tech Řadiče USB (Universal Serial Bus)
02-08-2016 10:37:19 Windows Update
04-08-2016 00:00:18 Odstraněno Na scéně(TM)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2016 10:56:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2016 10:59:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 47.0.0.5999, časové razítko: 0x5753660e
Název chybujícího modulu: mozglue.dll, verze: 47.0.0.5999, časové razítko: 0x57535438
Kód výjimky: 0x80000003
Posun chyby: 0x0000f3ad
ID chybujícího procesu: 0x1328
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3

Error: (08/02/2016 10:37:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 47.0.0.5999, časové razítko: 0x5753660e
Název chybujícího modulu: mozglue.dll, verze: 47.0.0.5999, časové razítko: 0x57535438
Kód výjimky: 0x80000003
Posun chyby: 0x0000f3ad
ID chybujícího procesu: 0x1128
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3

Error: (08/02/2016 10:33:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2016 11:47:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IHR3040n.exe, verze: 1.0.0.1, časové razítko: 0x3e978d52
Název chybujícího modulu: kernel32.dll, verze: 6.1.7601.23418, časové razítko: 0x5708a7e3
Kód výjimky: 0xc0000005
Posun chyby: 0x00037fe6
ID chybujícího procesu: 0x1074
Čas spuštění chybující aplikace: 0xIHR3040n.exe0
Cesta k chybující aplikaci: IHR3040n.exe1
Cesta k chybujícímu modulu: IHR3040n.exe2
ID zprávy: IHR3040n.exe3

Error: (08/01/2016 11:46:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IHR3040n.exe, verze: 1.0.0.1, časové razítko: 0x3e978d52
Název chybujícího modulu: kernel32.dll, verze: 6.1.7601.23418, časové razítko: 0x5708a7e3
Kód výjimky: 0xc0000005
Posun chyby: 0x00037fe6
ID chybujícího procesu: 0x8bc
Čas spuštění chybující aplikace: 0xIHR3040n.exe0
Cesta k chybující aplikaci: IHR3040n.exe1
Cesta k chybujícímu modulu: IHR3040n.exe2
ID zprávy: IHR3040n.exe3

Error: (08/01/2016 11:03:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2016 08:24:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: IHR3040n.exe, verze: 1.0.0.1, časové razítko: 0x3e978d52
Název chybujícího modulu: kernel32.dll, verze: 6.1.7601.23418, časové razítko: 0x5708a7e3
Kód výjimky: 0xc0000005
Posun chyby: 0x00037fe6
ID chybujícího procesu: 0x77c
Čas spuštění chybující aplikace: 0xIHR3040n.exe0
Cesta k chybující aplikaci: IHR3040n.exe1
Cesta k chybujícímu modulu: IHR3040n.exe2
ID zprávy: IHR3040n.exe3

Error: (07/31/2016 03:20:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2016 10:30:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/04/2016 12:14:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba AMW Service je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (08/02/2016 12:49:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR8.

Error: (08/02/2016 12:49:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR8.

Error: (08/02/2016 12:49:43 PM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR8.

Error: (08/02/2016 12:49:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR8.

Error: (08/02/2016 12:25:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR6.

Error: (08/02/2016 12:25:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR6.

Error: (08/02/2016 12:25:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk1\DR6.

Error: (08/02/2016 10:43:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80070643): Definition Update for Windows Defender - KB915597 (Definition 1.225.2931.0).

Error: (07/31/2016 07:48:58 PM) (Source: Disk) (EventID: 11) (User: )
Description: Ovladač zjistil chybu řadiče na \Device\Harddisk5\DR6.


CodeIntegrity:
===================================
Date: 2016-08-04 01:22:12.003
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-04 01:13:17.678
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-04 01:02:54.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-04 00:41:53.167
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-04 00:31:58.261
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-04 00:13:07.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-03 23:44:44.725
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-03 22:54:35.350
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-03 00:41:04.414
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-02 23:30:05.444
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E6300 @ 2.80GHz
Percentage of memory in use: 50%
Total physical RAM: 4094.49 MB
Available physical RAM: 2016.09 MB
Total Virtual: 8187.17 MB
Available Virtual: 6292.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.17 GB) (Free:103.51 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive f: (ZOO_TYCN) (CDROM) (Total:0.56 GB) (Free:0 GB) CDFS
Drive k: (DOLLHOUSE2) (CDROM) (Total:0.53 GB) (Free:0 GB) CDFS
Drive l: (Sims3) (CDROM) (Total:5.6 GB) (Free:0 GB) UDF
Drive m: (KINGSTON) (Removable) (Total:1.89 GB) (Free:0.52 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F2E00478)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 1.9 GB) (Disk ID: C25DF7D6)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)

==================== End of Addition.txt ============================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[Smidla]

# AdwCleaner v5.201 - Log vytvořen 04/08/2016 v 23:00:56
# Aktualizováno 30/06/2016 by ToolsLib
# Databáze : 2016-08-04.3 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (X64)
# Uživatelské jméno : Smidla - SMIDLA-PC
# Spuštěno z : C:\Users\Smidla\Desktop\adwcleaner_5.201.exe
# Nastavení : Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

[-] Služba Smazáno : sp_rsdrv2

***** [ Složky ] *****

[-] Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
[-] Složka Smazáno : C:\Users\Smidla\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
[-] Složka Smazáno : C:\Users\Smidla\AppData\Roaming\SpringFiles

***** [ Soubory ] *****

[-] Soubor Smazáno : C:\Users\Public\Desktop\SrpnFiles.lnk
[-] Soubor Smazáno : C:\Windows\Reimage.ini

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Zástupci ] *****

[-] Zástupce Vyléčeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flying Model Simulator\Visit FMS official website.lnk
[-] Zástupce Vyléčeno : C:\Users\Smidla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce Vyléčeno : C:\Users\Smidla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce Vyléčeno : C:\Users\Smidla\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Naplánované úlohy ] *****


***** [ Registry ] *****

[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Klíč Smazáno : HKCU\Software\Reimage
[-] Klíč Smazáno : HKCU\Software\VIS
[-] Klíč Smazáno : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Klíč Smazáno : HKCU\Software\SrpnFiles
[-] Klíč Smazáno : HKLM\SOFTWARE\SrpnFiles
[-] Klíč Smazáno : [x64] HKLM\SOFTWARE\Reimage
[-] Hodnota Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4899E577-2975-4113-89EB-5074A6016701}]
[-] Hodnota Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0CAA8074-5034-472C-ACE4-7BC3B43E0FFC}]
[-] Hodnota Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C7A7A3A8-74C5-4D21-9C2D-EC6DE42FFE4E}]
[-] Hodnota Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{FD6E64A6-5518-4777-8F32-BC505D3FBDB2}]

***** [ Prohlížeče ] *****


*************************

:: "Tracing" klíče smazány
:: Nastavení Winsock vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3378 bytů] - [04/08/2016 23:00:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [4143 bytů] - [04/08/2016 22:56:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3524 bytů] ##########

[Rudy]

Dejte nový log RSIT.

[Smidla]

Logfile of random's system information tool 1.10 (written by random/random)
Run by Smidla at 2016-08-05 23:48:02
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 106 GB (17%) free of 610 GB
Total RAM: 4094 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:48:09, on 5.8.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18377)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\Smidla.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://stoppblock.net/wpad.dat?1f09da67 ... 0113644287
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group, LLC - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9794 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2c0
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /ELEVATED
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1784232902507809990-15022808771471438577926221539-6116324768563300991089275300
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a24f3413-9879-4e23-bbfe-ec41c03e836a -SystemEventPortName:HostProcess-f86dd70f-b422-4fdb-8846-ce2f24466e75 -IoCancelEventPortName:HostProcess-07bcc0ce-08d5-477c-9cae-3da0d790cc82 -NonStateChangingEventPortName:HostProcess-1b636e71-be00-4bbf-b813-f0062fc0ff61 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f80955fe-d2f3-4323-b9b4-285bf3b95b56 -DeviceGroupId:WpdFsGroup
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /SCHEDULESCAN /ELEVATED
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Smidla\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Smidla\AppData\Roaming\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015

prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL [2015-07-27 2013520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL [2015-07-27 1255248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AutoKMS"=C:\Windows\AutoKMS.exe [2014-12-20 615936]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-04-05 2397752]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-04-05 1767432]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2016-04-09 5321448]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2016-04-09 5560040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2015-02-26 5583120]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-08-05 23:48:02 ----D---- C:\rsit
2016-08-05 23:48:02 ----D---- C:\Program Files\trend micro
2016-08-04 22:56:02 ----D---- C:\AdwCleaner
2016-08-04 01:23:51 ----D---- C:\FRST
2016-08-04 00:44:41 ----D---- C:\Users\Smidla\AppData\Roaming\Spyware Terminator
2016-08-04 00:44:41 ----D---- C:\ProgramData\Spyware Terminator
2016-08-04 00:44:35 ----D---- C:\Program Files (x86)\Spyware Terminator
2016-08-04 00:14:03 ----D---- C:\Program Files\Plumbytes Software
2016-08-04 00:02:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-08-03 23:46:49 ----D---- C:\Program Files (x86)\CCleaner
2016-08-02 01:16:53 ----D---- C:\Program Files (x86)\Autocom
2016-08-02 00:36:04 ----D---- C:\ProgramData\Autocom
2016-08-02 00:35:41 ----D---- C:\Users\Smidla\AppData\Roaming\Autocom
2016-08-02 00:03:31 ----D---- C:\ProgramData\Delphi
2016-08-02 00:03:26 ----D---- C:\ProgramData\Common Diagnostics
2016-08-02 00:03:14 ----D---- C:\Users\Smidla\AppData\Roaming\Delphi
2016-08-01 23:49:09 ----D---- C:\VCDS
2016-08-01 23:33:14 ----D---- C:\VIS
2016-08-01 23:04:55 ----D---- C:\Program Files\DIFX
2016-07-31 20:08:06 ----D---- C:\Auto-diagnostika
2016-07-26 00:54:26 ----D---- C:\Windows\EOONotify
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-07-14 17:28:04 ----A---- C:\Windows\system32\iernonce.dll
2016-07-14 17:28:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-07-14 17:28:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-07-14 17:28:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-07-14 17:28:03 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-07-14 17:28:03 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-07-14 17:28:03 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-07-14 17:28:03 ----A---- C:\Windows\system32\inseng.dll
2016-07-14 17:28:03 ----A---- C:\Windows\system32\ie4uinit.exe
2016-07-14 17:28:02 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-07-14 17:28:01 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-07-14 17:28:01 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-07-14 17:28:01 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-07-14 17:28:01 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 17:27:59 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-07-14 17:27:59 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-07-14 17:27:59 ----A---- C:\Windows\system32\occache.dll
2016-07-14 17:27:59 ----A---- C:\Windows\system32\iedkcs32.dll
2016-07-14 17:27:58 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-07-14 17:27:58 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-07-14 17:27:58 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-07-14 17:27:58 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-07-14 17:27:58 ----A---- C:\Windows\system32\urlmon.dll
2016-07-14 17:27:58 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 17:27:57 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-07-14 17:27:57 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 17:27:56 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-07-14 17:27:56 ----A---- C:\Windows\system32\msfeeds.dll
2016-07-14 17:27:56 ----A---- C:\Windows\system32\dxtrans.dll
2016-07-14 17:27:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-07-14 17:27:54 ----A---- C:\Windows\system32\iesetup.dll
2016-07-14 17:27:54 ----A---- C:\Windows\system32\ieapfltr.dll
2016-07-14 17:27:53 ----A---- C:\Windows\system32\iertutil.dll
2016-07-14 17:27:52 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-07-14 17:27:52 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-07-14 17:27:52 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-07-14 17:27:52 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-07-14 17:27:52 ----A---- C:\Windows\system32\vbscript.dll
2016-07-14 17:27:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-07-14 17:27:51 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-07-14 17:27:49 ----A---- C:\Windows\system32\dxtmsft.dll
2016-07-14 17:27:48 ----A---- C:\Windows\system32\ieui.dll
2016-07-14 17:27:48 ----A---- C:\Windows\system32\ieframe.dll
2016-07-14 17:27:45 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-07-14 17:27:45 ----A---- C:\Windows\system32\mshtmled.dll
2016-07-14 17:27:44 ----A---- C:\Windows\system32\ieUnatt.exe
2016-07-14 17:27:43 ----A---- C:\Windows\system32\webcheck.dll
2016-07-14 17:27:43 ----A---- C:\Windows\system32\jscript.dll
2016-07-14 17:27:42 ----A---- C:\Windows\system32\jscript9diag.dll
2016-07-14 17:27:41 ----A---- C:\Windows\system32\jscript9.dll
2016-07-14 17:27:40 ----A---- C:\Windows\system32\wininet.dll
2016-07-14 17:27:39 ----A---- C:\Windows\system32\jsproxy.dll
2016-07-14 17:27:36 ----A---- C:\Windows\system32\msrating.dll
2016-07-14 17:27:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-07-14 17:27:33 ----A---- C:\Windows\system32\mshtml.dll
2016-07-14 17:26:37 ----A---- C:\Windows\system32\localspl.dll
2016-07-14 17:26:36 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-07-14 17:26:36 ----A---- C:\Windows\SYSWOW64\ntprint.exe
2016-07-14 17:26:36 ----A---- C:\Windows\SYSWOW64\ntprint.dll
2016-07-14 17:26:36 ----A---- C:\Windows\system32\wpnpinst.exe
2016-07-14 17:26:36 ----A---- C:\Windows\system32\win32spl.dll
2016-07-14 17:26:36 ----A---- C:\Windows\system32\ntprint.exe
2016-07-14 17:26:36 ----A---- C:\Windows\system32\ntprint.dll
2016-07-14 17:26:36 ----A---- C:\Windows\system32\inetppui.dll
2016-07-14 17:26:36 ----A---- C:\Windows\system32\inetpp.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\invagent.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\generaltel.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\devinv.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\centel.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\appraiser.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\aepic.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\aeinv.dll
2016-07-14 17:26:28 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-07-14 17:26:28 ----A---- C:\Windows\system32\acmigration.dll
2016-07-14 17:26:26 ----A---- C:\Windows\system32\win32k.sys
2016-07-13 14:58:30 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2016-08-05 23:48:03 ----D---- C:\Windows\Temp
2016-08-05 23:48:02 ----RD---- C:\Program Files
2016-08-05 23:46:09 ----SHD---- C:\System Volume Information
2016-08-05 23:42:21 ----D---- C:\Windows\system32\config
2016-08-05 23:40:13 ----D---- C:\ProgramData\NVIDIA
2016-08-04 23:03:12 ----D---- C:\Windows\system32\drivers
2016-08-04 23:00:57 ----D---- C:\Windows
2016-08-04 22:54:18 ----D---- C:\Windows\Prefetch
2016-08-04 22:52:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-04 01:22:54 ----D---- C:\Install
2016-08-04 00:44:41 ----HD---- C:\ProgramData
2016-08-04 00:44:35 ----RD---- C:\Program Files (x86)
2016-08-04 00:43:52 ----D---- C:\Windows\system32\Tasks
2016-08-04 00:00:38 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-08-04 00:00:38 ----D---- C:\ProgramData\Vivendi Universal Games
2016-08-04 00:00:38 ----A---- C:\Windows\KA.ini
2016-08-03 23:59:27 ----D---- C:\Windows\SysWOW64
2016-08-03 23:59:27 ----D---- C:\Windows\System32
2016-08-03 23:50:49 ----D---- C:\Windows\debug
2016-08-03 23:46:05 ----D---- C:\Windows\inf
2016-08-03 23:46:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-08-02 12:54:39 ----D---- C:\Filmy
2016-08-02 12:42:44 ----D---- C:\Games
2016-08-02 03:11:29 ----D---- C:\Windows\system32\catroot
2016-08-02 01:17:01 ----D---- C:\Windows\system32\DriverStore
2016-08-02 00:14:08 ----D---- C:\Windows\system32\NDF
2016-08-01 23:54:25 ----D---- C:\Users\Smidla\AppData\Roaming\vlc
2016-07-31 19:50:57 ----D---- C:\Program Files (x86)\Common Files
2016-07-30 10:43:37 ----D---- C:\Windows\winsxs
2016-07-26 14:24:24 ----N---- C:\Windows\system32\MpSigStub.exe
2016-07-26 00:54:12 ----SD---- C:\Windows\SYSWOW64\GWX
2016-07-26 00:54:10 ----SD---- C:\Windows\system32\GWX
2016-07-18 19:52:02 ----RSD---- C:\Windows\assembly
2016-07-18 19:50:46 ----A---- C:\Windows\disney.ini
2016-07-18 19:50:18 ----SHD---- C:\Windows\Installer
2016-07-16 14:53:02 ----D---- C:\Windows\rescache
2016-07-16 12:28:19 ----D---- C:\Windows\Microsoft.NET
2016-07-16 12:04:44 ----D---- C:\Program Files\Internet Explorer
2016-07-16 12:04:43 ----D---- C:\Windows\SYSWOW64\en-US
2016-07-16 12:04:43 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-07-16 12:04:42 ----D---- C:\Windows\system32\en-US
2016-07-16 12:04:42 ----D---- C:\Windows\system32\cs-CZ
2016-07-16 12:04:41 ----D---- C:\Program Files (x86)\Internet Explorer
2016-07-16 12:04:40 ----D---- C:\Windows\system32\appraiser
2016-07-16 12:04:40 ----D---- C:\Program Files\Windows Journal
2016-07-16 12:04:39 ----D---- C:\Windows\AppPatch
2016-07-15 02:05:16 ----D---- C:\Windows\system32\MRT
2016-07-15 02:01:09 ----A---- C:\Windows\system32\MRT.exe
2016-07-14 17:24:44 ----D---- C:\Windows\system32\catroot2
2016-07-13 14:58:49 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-07-13 14:58:38 ----D---- C:\Windows\system32\Macromed
2016-07-13 14:58:33 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-04-14 84800]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2014-01-07 213848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2014-01-07 516096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-04-14 264552]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-04-14 186784]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-04-14 198096]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-04-14 53384]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-04-14 142976]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2011-08-24 51496]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-04-06 30352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2016-03-24 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-04-05 28216]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-03-21 56384]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2014-12-31 82816]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2016-03-16 108352]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2016-03-16 95168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2014-01-07 166400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2012-05-17 14464]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2014-01-07 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-01-07 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-03-03 2520928]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-04-05 1164856]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-04-05 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-04-05 2522680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-03-22 1264064]
R2 ST2012_Svc;Spyware Terminator 2015 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2016-04-09 3269864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-03-22 426040]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2015-04-09 5261584]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-26 1272592]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-04-05 3634232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-01-29 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13 270016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2014-01-07 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-06-10 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-07-26 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-03-31 835664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-07 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

[Smidla]

Spyvare terminator nasel 4 problemy a odstranil je. Jednalo se o tracking cookies. Odstraneni probehlo az po dokonceni scanu a postnuti logu.

[Rudy]

Cookies prakticky nejsou nebezpečné. Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

[Smidla]

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Smidla
->Temp folder emptied: 62589175 bytes
->Temporary Internet Files folder emptied: 30262640 bytes
->Java cache emptied: 2472 bytes
->FireFox cache emptied: 118316884 bytes
->Flash cache emptied: 1095 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 613396 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 101139 bytes

Total Files Cleaned = 202,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Smidla
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 08062016_124111

Files moved on Reboot...
C:\Users\Smidla\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Smidla\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File C:\Windows\temp\TMP00000001C5122777F3923DFC not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Smidla]

Logfile of random's system information tool 1.10 (written by random/random)
Run by Smidla at 2016-08-06 12:48:03
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 106 GB (17%) free of 610 GB
Total RAM: 4094 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:07, on 6.8.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18377)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\trend micro\Smidla.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://stoppblock.net/wpad.dat?1f09da67 ... 0113644287
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group, LLC - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9490 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2c0
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"taskhost.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1637049602-18341773487116384-11602915071460230719531242316-320674062-1547926436
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ec43ec93-6401-4267-bc66-7a655f95ddd2 -SystemEventPortName:HostProcess-a386841d-1022-4df9-9036-9fa97330dfba -IoCancelEventPortName:HostProcess-f50ae8b3-635c-4523-81ad-217db2da3c4b -NonStateChangingEventPortName:HostProcess-bd8d41ee-74d1-4716-83b1-445e7f13f94a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:dfbd34ad-d2ad-4f62-a4d7-d277064a606b -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1768121611-4049446793-1409843139-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1768121611-4049446793-1409843139-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /ELEVATED
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Users\Smidla\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Smidla\AppData\Roaming\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015

prefs.js - "browser.startup.homepage" - "about:home"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 22.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~2.DLL [2015-07-27 2013520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475}]
Spyware Terminator 2015 Internet Guard - C:\PROGRA~2\SPYWAR~1\STINTE~1.DLL [2015-07-27 1255248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AutoKMS"=C:\Windows\AutoKMS.exe [2014-12-20 615936]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-04-05 2397752]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2016-04-05 1767432]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2016-04-09 5321448]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2016-04-09 5560040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2015-02-26 5583120]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-08-06 12:41:11 ----D---- C:\_OTM
2016-08-05 23:48:02 ----D---- C:\rsit
2016-08-05 23:48:02 ----D---- C:\Program Files\trend micro
2016-08-04 22:56:02 ----D---- C:\AdwCleaner
2016-08-04 01:23:51 ----D---- C:\FRST
2016-08-04 00:44:41 ----D---- C:\Users\Smidla\AppData\Roaming\Spyware Terminator
2016-08-04 00:44:41 ----D---- C:\ProgramData\Spyware Terminator
2016-08-04 00:44:35 ----D---- C:\Program Files (x86)\Spyware Terminator
2016-08-04 00:14:03 ----D---- C:\Program Files\Plumbytes Software
2016-08-04 00:02:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-08-03 23:46:49 ----D---- C:\Program Files (x86)\CCleaner
2016-08-02 01:16:53 ----D---- C:\Program Files (x86)\Autocom
2016-08-02 00:36:04 ----D---- C:\ProgramData\Autocom
2016-08-02 00:35:41 ----D---- C:\Users\Smidla\AppData\Roaming\Autocom
2016-08-02 00:03:31 ----D---- C:\ProgramData\Delphi
2016-08-02 00:03:26 ----D---- C:\ProgramData\Common Diagnostics
2016-08-02 00:03:14 ----D---- C:\Users\Smidla\AppData\Roaming\Delphi
2016-08-01 23:49:09 ----D---- C:\VCDS
2016-08-01 23:33:14 ----D---- C:\VIS
2016-08-01 23:04:55 ----D---- C:\Program Files\DIFX
2016-07-31 20:08:06 ----D---- C:\Auto-diagnostika
2016-07-26 00:54:26 ----D---- C:\Windows\EOONotify
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\inseng.dll
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2016-07-14 17:28:04 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2016-07-14 17:28:04 ----A---- C:\Windows\system32\iernonce.dll
2016-07-14 17:28:04 ----A---- C:\Windows\system32\ieetwproxystub.dll
2016-07-14 17:28:04 ----A---- C:\Windows\system32\ieetwcollector.exe
2016-07-14 17:28:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-07-14 17:28:03 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-07-14 17:28:03 ----A---- C:\Windows\SYSWOW64\occache.dll
2016-07-14 17:28:03 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-07-14 17:28:03 ----A---- C:\Windows\system32\inseng.dll
2016-07-14 17:28:03 ----A---- C:\Windows\system32\ie4uinit.exe
2016-07-14 17:28:02 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2016-07-14 17:28:01 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-07-14 17:28:01 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-07-14 17:28:01 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2016-07-14 17:28:01 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 17:27:59 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2016-07-14 17:27:59 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-07-14 17:27:59 ----A---- C:\Windows\system32\occache.dll
2016-07-14 17:27:59 ----A---- C:\Windows\system32\iedkcs32.dll
2016-07-14 17:27:58 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2016-07-14 17:27:58 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2016-07-14 17:27:58 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-07-14 17:27:58 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-07-14 17:27:58 ----A---- C:\Windows\system32\urlmon.dll
2016-07-14 17:27:58 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 17:27:57 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2016-07-14 17:27:57 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 17:27:56 ----A---- C:\Windows\SYSWOW64\ieui.dll
2016-07-14 17:27:56 ----A---- C:\Windows\system32\msfeeds.dll
2016-07-14 17:27:56 ----A---- C:\Windows\system32\dxtrans.dll
2016-07-14 17:27:55 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-07-14 17:27:54 ----A---- C:\Windows\system32\iesetup.dll
2016-07-14 17:27:54 ----A---- C:\Windows\system32\ieapfltr.dll
2016-07-14 17:27:53 ----A---- C:\Windows\system32\iertutil.dll
2016-07-14 17:27:52 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-07-14 17:27:52 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2016-07-14 17:27:52 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-07-14 17:27:52 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2016-07-14 17:27:52 ----A---- C:\Windows\system32\vbscript.dll
2016-07-14 17:27:51 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-07-14 17:27:51 ----A---- C:\Windows\SYSWOW64\msrating.dll
2016-07-14 17:27:49 ----A---- C:\Windows\system32\dxtmsft.dll
2016-07-14 17:27:48 ----A---- C:\Windows\system32\ieui.dll
2016-07-14 17:27:48 ----A---- C:\Windows\system32\ieframe.dll
2016-07-14 17:27:45 ----A---- C:\Windows\system32\mshtmlmedia.dll
2016-07-14 17:27:45 ----A---- C:\Windows\system32\mshtmled.dll
2016-07-14 17:27:44 ----A---- C:\Windows\system32\ieUnatt.exe
2016-07-14 17:27:43 ----A---- C:\Windows\system32\webcheck.dll
2016-07-14 17:27:43 ----A---- C:\Windows\system32\jscript.dll
2016-07-14 17:27:42 ----A---- C:\Windows\system32\jscript9diag.dll
2016-07-14 17:27:41 ----A---- C:\Windows\system32\jscript9.dll
2016-07-14 17:27:40 ----A---- C:\Windows\system32\wininet.dll
2016-07-14 17:27:39 ----A---- C:\Windows\system32\jsproxy.dll
2016-07-14 17:27:36 ----A---- C:\Windows\system32\msrating.dll
2016-07-14 17:27:36 ----A---- C:\Windows\system32\MshtmlDac.dll
2016-07-14 17:27:33 ----A---- C:\Windows\system32\mshtml.dll
2016-07-14 17:26:37 ----A---- C:\Windows\system32\localspl.dll
2016-07-14 17:26:36 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2016-07-14 17:26:36 ----A---- C:\Windows\SYSWOW64\ntprint.exe
2016-07-14 17:26:36 ----A---- C:\Windows\SYSWOW64\ntprint.dll
2016-07-14 17:26:36 ----A---- C:\Windows\system32\wpnpinst.exe
2016-07-14 17:26:36 ----A---- C:\Windows\system32\win32spl.dll
2016-07-14 17:26:36 ----A---- C:\Windows\system32\ntprint.exe
2016-07-14 17:26:36 ----A---- C:\Windows\system32\ntprint.dll
2016-07-14 17:26:36 ----A---- C:\Windows\system32\inetppui.dll
2016-07-14 17:26:36 ----A---- C:\Windows\system32\inetpp.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\invagent.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\generaltel.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\devinv.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\centel.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\appraiser.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\aepic.dll
2016-07-14 17:26:29 ----A---- C:\Windows\system32\aeinv.dll
2016-07-14 17:26:28 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-07-14 17:26:28 ----A---- C:\Windows\system32\acmigration.dll
2016-07-14 17:26:26 ----A---- C:\Windows\system32\win32k.sys
2016-07-13 14:58:30 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2016-08-06 12:48:05 ----D---- C:\Windows\Temp
2016-08-06 12:43:16 ----D---- C:\ProgramData\NVIDIA
2016-08-06 12:42:37 ----D---- C:\Windows\system32\config
2016-08-06 12:42:00 ----D---- C:\Windows\SysWOW64
2016-08-06 12:42:00 ----D---- C:\Windows
2016-08-05 23:48:02 ----RD---- C:\Program Files
2016-08-05 23:46:09 ----SHD---- C:\System Volume Information
2016-08-04 23:03:12 ----D---- C:\Windows\system32\drivers
2016-08-04 22:54:18 ----D---- C:\Windows\Prefetch
2016-08-04 22:52:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-04 01:22:54 ----D---- C:\Install
2016-08-04 00:44:41 ----HD---- C:\ProgramData
2016-08-04 00:44:35 ----RD---- C:\Program Files (x86)
2016-08-04 00:43:52 ----D---- C:\Windows\system32\Tasks
2016-08-04 00:00:38 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-08-04 00:00:38 ----D---- C:\ProgramData\Vivendi Universal Games
2016-08-04 00:00:38 ----A---- C:\Windows\KA.ini
2016-08-03 23:59:27 ----D---- C:\Windows\System32
2016-08-03 23:50:49 ----D---- C:\Windows\debug
2016-08-03 23:46:05 ----D---- C:\Windows\inf
2016-08-03 23:46:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-08-02 12:54:39 ----D---- C:\Filmy
2016-08-02 12:42:44 ----D---- C:\Games
2016-08-02 03:11:29 ----D---- C:\Windows\system32\catroot
2016-08-02 01:17:01 ----D---- C:\Windows\system32\DriverStore
2016-08-02 00:14:08 ----D---- C:\Windows\system32\NDF
2016-08-01 23:54:25 ----D---- C:\Users\Smidla\AppData\Roaming\vlc
2016-07-31 19:50:57 ----D---- C:\Program Files (x86)\Common Files
2016-07-30 10:43:37 ----D---- C:\Windows\winsxs
2016-07-26 14:24:24 ----N---- C:\Windows\system32\MpSigStub.exe
2016-07-26 00:54:12 ----SD---- C:\Windows\SYSWOW64\GWX
2016-07-26 00:54:10 ----SD---- C:\Windows\system32\GWX
2016-07-18 19:52:02 ----RSD---- C:\Windows\assembly
2016-07-18 19:50:46 ----A---- C:\Windows\disney.ini
2016-07-18 19:50:18 ----SHD---- C:\Windows\Installer
2016-07-16 14:53:02 ----D---- C:\Windows\rescache
2016-07-16 12:28:19 ----D---- C:\Windows\Microsoft.NET
2016-07-16 12:04:44 ----D---- C:\Program Files\Internet Explorer
2016-07-16 12:04:43 ----D---- C:\Windows\SYSWOW64\en-US
2016-07-16 12:04:43 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-07-16 12:04:42 ----D---- C:\Windows\system32\en-US
2016-07-16 12:04:42 ----D---- C:\Windows\system32\cs-CZ
2016-07-16 12:04:41 ----D---- C:\Program Files (x86)\Internet Explorer
2016-07-16 12:04:40 ----D---- C:\Windows\system32\appraiser
2016-07-16 12:04:40 ----D---- C:\Program Files\Windows Journal
2016-07-16 12:04:39 ----D---- C:\Windows\AppPatch
2016-07-15 02:05:16 ----D---- C:\Windows\system32\MRT
2016-07-15 02:01:09 ----A---- C:\Windows\system32\MRT.exe
2016-07-14 17:24:44 ----D---- C:\Windows\system32\catroot2
2016-07-13 14:58:49 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-07-13 14:58:38 ----D---- C:\Windows\system32\Macromed
2016-07-13 14:58:33 ----D---- C:\Windows\SYSWOW64\Macromed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-04-14 84800]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2014-01-07 213848]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2014-01-07 516096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-04-14 264552]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-04-14 186784]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-04-14 198096]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-04-14 53384]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-04-14 142976]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2011-08-24 51496]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-04-06 30352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2016-03-24 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-04-05 28216]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2016-03-21 56384]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2014-12-31 82816]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2016-03-16 108352]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2016-03-16 95168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2014-01-07 166400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2015-06-11 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2012-05-17 14464]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2014-01-07 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-01-07 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-03-03 2520928]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-04-05 1164856]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-04-05 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-04-05 2522680]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2016-03-22 1264064]
R2 ST2012_Svc;Spyware Terminator 2015 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2016-04-09 3269864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2016-03-22 426040]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2015-04-09 5261584]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-26 1272592]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-04-05 3634232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-01-29 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-13 270016]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2014-01-07 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-06-10 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-07-26 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-03-31 835664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2014-01-07 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-07 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

[Rudy]

Smazáno. Nastala nějaká změna?

[Smidla]

Bohuzel nikoliv. Pri pokusu o vyhledavani googlem okamzite hazi stranku safefinder.com a pri vyhledavani seznamem to po nejake chvili odhodi na reklamni stranky, sazeni, porno, reklamu.
Dokonce i pri beznem klikani na odkazy, napriklad zde na tomto foru pri stahovani utilit to nekdy presmeruje na balast reklamni stranky, sazeni, porno, reklamu.
Pri psani tohoto prispevku me to odhodilo na stranku PCKeeper. Jinak se pocitac chova naprosto normalne, problem je pouze pri pouzivani prohlizece. Reinstal nepomohl, problem se v Iternet Exploreru nevyskytuje.

[Rudy]

Udělejte ještě následující skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[Smidla]

Zoek se nejak zasekl, nechal jsem to pustene do rana, ale nepohnulo se to z mista. Jdu to pustit znovu.

[Smidla]

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Smidla on po 08.08.2016 at 21:16:39,43.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Smidla\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-08-07-201955.log 3697 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Smidla\AppData\Roaming\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Added to C:\Users\Smidla\AppData\Roaming\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Smidla\AppData\Roaming\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Smidla\AppData\Roaming\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015
62D98B286C805E193568037B70D936D2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll - Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Smidla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Smidla\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Smidla\AppData\Local\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015\cache2 emptied successfully
C:\Users\Smidla\AppData\Roaming\Mozilla\Firefox\Profiles\xvb3i9rg.default-1429010367015\storage\default\https+++www.porndig.com\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=65 folders=20 14841818 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Smidla\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Smidla\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on po 08.08.2016 at 21:37:43,45 ======================