
Navlinks.com malware

Posted: 27 Sep 2013 14:01
by martin11
Hello,

please check the log after the (hopefully successful) removal of malware that was injecting in-text ads into the browser.

Unfortunately, some libraries were left damaged after the removal. I would gladly reinstall the whole system, but I cannot even run the installer exe file.

Thanks for the help


Logfile of random's system information tool 1.09 (written by random/random)
Run by vlczak at 2013-09-27 14:51:08
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 42 GB (28%) free of 151 GB
Total RAM: 8053 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:51:21, on 27.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Users\vlczak\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\SugarSync\SugarSync.exe
C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\vlczak.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Viber] "C:\Users\vlczak\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [Fii] "C:\Program Files (x86)\Fii\Fii.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-1092485543-279616468-1922850246-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1092485543-279616468-1922850246-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll, C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LenovoSmartConnectService - Lenovo - C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: ASUS Virtual MFP Service (UsbService) - Unknown owner - C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 9805 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\WLANExt.exe 23952400
\??\C:\Windows\system32\conhost.exe "-11510957321488726503-1849193303-1983392052-1695736631881381918-403856390-1973875154
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"taskhost.exe"
taskeng.exe {E4B3BCDD-17B2-45EB-B209-EFBC3E70094B}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Users\vlczak\AppData\Local\Viber\Viber.exe" StartMinimized
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
"C:\Program Files (x86)\Fii\Fii.exe"
"C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1146775832-1508227743-112032221247226377-1042794801-107992680315712147231030449309
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5384.0.1762667633\280912681" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19 --reduce-gpu-sandbox --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.2932 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.1.1491380409\1705627278" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.2.756398717\118637699" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.3.912831807\1364127223" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.4.1000652666\967928404" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.5.678068691\2002439740" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.6.633773402\1605634161" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.7.769065501\1132663471" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="5384.8.991569010\1473649227" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.9.882410247\640871968" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.10.235348916\83794566" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.12.1384806679\134810227" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:remainder use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/OmniboxStopTimer/UseStopTimer/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_78/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="5384.16.1423778620\583476006" /prefetch:673131151
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\WmiApSrv.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\vlczak\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.cz"
prefs.js - "extensions.enabledItems" - "toolbar@alexa.com:1.5.0, cs@dictionaries.addons.mozilla.org:1.0.2, firebug@software.joehewitt.com:1.6.2, {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16, {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, noia2_option@kk.noia:3.76, {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2, service@touchpdf.com:1.15, seo@profesional:1.1.1, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {eecba28f-b68b-4b3a-b501-6ce12e6b8696}:0.7.3, wavetoolbar@webaim.org:1.1.5, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13, {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\extensions\
cookiemgr@jayapal.com
cs@dictionaries.addons.mozilla.org
extension@spiderpic.com
firesheep@codebutler.com
jklir@volny.cz
noia2_option@kk.noia
piclens@cooliris.com
service@touchpdf.com
sxipper@sxip.com
{20a82645-c095-46ed-80e3-08825760534b}
{2c7bf5d2-2002-4912-95b2-7c2ee8a9ce7c}
{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
{6AC85730-7D0F-4de0-B3FA-21142DD85326}
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
{c45c406e-ab73-11d8-be73-000a95be3b12}
{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
{e3f6c2cc-d8db-498c-af6c-499fb211db97}
{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
{ea4637dc-e014-4c17-9c2c-879322d23268}

C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\
alexa.xml
goosh.xml
pixmac-celebrity-search.xml
pixmac-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-18 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2013-07-03 8069024]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2013-07-03 6201248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-11-10 2847016]
"SynLenovoGestureMgr"=C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [2011-11-10 408872]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-07-27 1028896]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-12-14 172144]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-12-14 399984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-12-14 441968]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-06-20 1356240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Viber"=C:\Users\vlczak\AppData\Local\Viber\Viber.exe [2013-05-08 906240]
"SugarSync"=C:\Program Files (x86)\SugarSync\SugarSync.exe [2013-06-26 12419424]
"Fii"=C:\Program Files (x86)\Fii\Fii.exe [2013-08-09 100864]
"Google Update"=C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13 116648]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Update]
C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe [2012-04-06 3244080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-27 291608]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll, C:\PROGRA~1\NVIDIA~2\NVSTRE~1\rxinput.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-12-14 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll [2013-01-30 192256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll [2013-01-30 192256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2013-09-27 14:51:08 ----D---- C:\rsit
2013-09-27 14:51:08 ----D---- C:\Program Files\trend micro
2013-09-27 14:44:16 ----D---- C:\AdwCleaner
2013-09-27 14:43:06 ----D---- C:\ProgramData\Weskysoft
2013-09-27 14:36:55 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2013-09-27 14:36:49 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2013-09-27 14:25:01 ----D---- C:\Program Files (x86)\DLLSuite
2013-09-27 14:03:32 ----D---- C:\Windows\erdnt
2013-09-27 14:03:17 ----SD---- C:\32788R22FWJFW
2013-09-27 08:34:38 ----D---- C:\Users\vlczak\AppData\Roaming\Malwarebytes
2013-09-27 08:34:29 ----D---- C:\ProgramData\Malwarebytes
2013-09-27 08:17:57 ----A---- C:\Windows\SYSWOW64\MRT.exe
2013-09-26 21:38:06 ----A---- C:\autoexec.bat
2013-09-26 21:37:16 ----D---- C:\Program Files\Enigma Software Group
2013-09-26 21:35:42 ----D---- C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-26 10:05:26 ----D---- C:\Program Files (x86)\MySQL
2013-09-25 20:59:12 ----A---- C:\Windows\ODBC.INI
2013-09-25 20:37:30 ----A---- C:\Windows\ODBCINST.INI
2013-09-25 20:37:29 ----D---- C:\Program Files\MySQL
2013-09-25 20:33:14 ----D---- C:\Program Files (x86)\psqlODBC
2013-09-25 20:26:25 ----D---- C:\ProgramData\FLEXnet
2013-09-25 20:25:19 ----D---- C:\Program Files (x86)\Tableau
2013-09-12 15:50:51 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-09-12 15:50:50 ----A---- C:\Windows\system32\ieui.dll
2013-09-12 15:50:47 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-09-12 15:50:47 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-09-12 15:50:47 ----A---- C:\Windows\system32\iesetup.dll
2013-09-12 15:50:47 ----A---- C:\Windows\system32\iernonce.dll
2013-09-12 15:50:46 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-09-12 15:50:46 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-09-12 15:50:46 ----A---- C:\Windows\system32\ie4uinit.exe
2013-09-12 15:50:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-09-12 15:50:45 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 15:50:45 ----A---- C:\Windows\system32\iesysprep.dll
2013-09-12 15:50:44 ----A---- C:\Windows\system32\iertutil.dll
2013-09-12 15:50:41 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-09-12 15:50:41 ----A---- C:\Windows\system32\msfeeds.dll
2013-09-12 15:50:40 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-09-12 15:50:40 ----A---- C:\Windows\system32\jscript.dll
2013-09-12 15:50:38 ----A---- C:\Windows\system32\jscript9.dll
2013-09-12 15:50:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-09-12 15:50:35 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-09-12 15:50:34 ----A---- C:\Windows\system32\urlmon.dll
2013-09-12 15:50:32 ----A---- C:\Windows\system32\jsproxy.dll
2013-09-12 15:50:31 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-09-12 15:50:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-09-12 15:50:29 ----A---- C:\Windows\system32\wininet.dll
2013-09-12 15:50:27 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-09-12 15:50:25 ----A---- C:\Windows\system32\ieframe.dll
2013-09-12 15:50:20 ----A---- C:\Windows\system32\mshtml.dll
2013-09-12 15:50:14 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-09-12 15:43:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-09-12 15:43:37 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-09-12 15:43:37 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-09-12 15:43:37 ----A---- C:\Windows\system32\ntdll.dll
2013-09-12 15:43:36 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-09-12 15:43:36 ----A---- C:\Windows\system32\KernelBase.dll
2013-09-12 15:43:35 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-09-12 15:43:35 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-09-12 15:43:35 ----A---- C:\Windows\system32\wow64.dll
2013-09-12 15:43:35 ----A---- C:\Windows\system32\smss.exe
2013-09-12 15:43:35 ----A---- C:\Windows\system32\kernel32.dll
2013-09-12 15:43:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-09-12 15:43:34 ----A---- C:\Windows\system32\wow64win.dll
2013-09-12 15:43:34 ----A---- C:\Windows\system32\wow64cpu.dll
2013-09-12 15:43:34 ----A---- C:\Windows\system32\winsrv.dll
2013-09-12 15:43:34 ----A---- C:\Windows\system32\ntvdm64.dll
2013-09-12 15:43:34 ----A---- C:\Windows\system32\csrsrv.dll
2013-09-12 15:43:34 ----A---- C:\Windows\system32\conhost.exe
2013-09-12 15:43:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 15:43:33 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 15:43:33 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 15:43:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 15:43:31 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 15:43:30 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 15:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 15:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 15:43:29 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 15:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 15:43:29 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 15:43:29 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-09-12 15:43:28 ----A---- C:\Windows\SYSWOW64\user.exe
2013-09-12 15:43:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-09-12 15:43:28 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2013-09-12 15:43:28 ----A---- C:\Windows\system32\apisetschema.dll
2013-09-12 15:43:25 ----A---- C:\Windows\system32\shell32.dll
2013-09-12 15:43:24 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-09-12 15:43:23 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-09-12 15:43:23 ----A---- C:\Windows\system32\shdocvw.dll
2013-09-12 15:43:21 ----A---- C:\Windows\system32\drivers\ataport.sys
2013-09-12 15:43:20 ----A---- C:\Windows\system32\win32k.sys
2013-09-12 14:48:07 ----A---- C:\Windows\mp3tageditor.INI
2013-09-12 14:12:53 ----D---- C:\Program Files (x86)\Reezaa MP3 Tag Editor
2013-09-10 17:32:24 ----D---- C:\Program Files (x86)\Citrix
2013-09-09 14:54:00 ----D---- C:\Program Files (x86)\Xenu
2013-09-09 11:20:41 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-09-27 14:51:21 ----D---- C:\Windows\Prefetch
2013-09-27 14:51:08 ----RD---- C:\Program Files
2013-09-27 14:50:44 ----D---- C:\Windows\Temp
2013-09-27 14:47:40 ----D---- C:\Users\vlczak\AppData\Roaming\ViberPC
2013-09-27 14:46:10 ----D---- C:\Windows\System32
2013-09-27 14:43:06 ----HD---- C:\ProgramData
2013-09-27 14:43:06 ----D---- C:\Windows
2013-09-27 14:40:49 ----D---- C:\Windows\inf
2013-09-27 14:40:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-09-27 14:38:42 ----D---- C:\Users\vlczak\AppData\Roaming\DAEMON Tools Lite
2013-09-27 14:37:42 ----D---- C:\Windows\system32\drivers
2013-09-27 14:37:42 ----D---- C:\Windows\system32\catroot
2013-09-27 14:37:41 ----D---- C:\Windows\system32\DriverStore
2013-09-27 14:37:36 ----SHD---- C:\System Volume Information
2013-09-27 14:36:49 ----RD---- C:\Program Files (x86)
2013-09-27 14:03:00 ----D---- C:\Users\vlczak\AppData\Roaming\Skype
2013-09-27 13:53:16 ----SHD---- C:\Windows\Installer
2013-09-27 13:53:15 ----SHD---- C:\Config.Msi
2013-09-27 11:32:14 ----D---- C:\Program Files\WinSCP
2013-09-27 09:18:52 ----D---- C:\Windows\SYSWOW64\drivers
2013-09-27 08:20:04 ----D---- C:\Windows\debug
2013-09-27 08:17:57 ----D---- C:\Windows\SysWOW64
2013-09-27 08:06:33 ----D---- C:\Windows\system32\Tasks
2013-09-26 21:52:50 ----D---- C:\Users\vlczak\AppData\Roaming\Winamp
2013-09-26 21:52:50 ----D---- C:\Users\vlczak\AppData\Roaming\TS3Client
2013-09-26 21:36:06 ----D---- C:\Windows\Panther
2013-09-26 21:36:05 ----D---- C:\Windows\Logs
2013-09-26 21:35:40 ----D---- C:\Program Files (x86)\Common Files
2013-09-26 21:06:07 ----D---- C:\Windows\system32\config
2013-09-19 21:00:55 ----D---- C:\Windows\system32\catroot2
2013-09-19 08:20:24 ----D---- C:\Users\vlczak\AppData\Roaming\Mozilla
2013-09-16 21:33:52 ----D---- C:\Program Files (x86)\Universal Adb Driver
2013-09-14 13:50:25 ----D---- C:\Windows\rescache
2013-09-14 10:02:48 ----D---- C:\Windows\Microsoft.NET
2013-09-12 22:02:46 ----RSD---- C:\Windows\assembly
2013-09-12 18:33:03 ----D---- C:\Windows\winsxs
2013-09-12 18:32:14 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-12 18:31:30 ----D---- C:\Program Files\Internet Explorer
2013-09-12 18:31:30 ----D---- C:\Program Files (x86)\Internet Explorer
2013-09-12 18:31:29 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-09-12 18:31:29 ----D---- C:\Windows\system32\cs-CZ
2013-09-12 18:31:29 ----D---- C:\Windows\AppPatch
2013-09-12 15:50:12 ----D---- C:\Windows\system32\MRT
2013-09-12 15:46:36 ----D---- C:\ProgramData\Microsoft Help
2013-09-11 11:10:13 ----D---- C:\Users\vlczak\AppData\Roaming\WinRAR
2013-09-11 08:39:39 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-09-09 10:57:25 ----SD---- C:\Users\vlczak\AppData\Roaming\Microsoft
2013-09-03 21:12:43 ----D---- C:\xampp
2013-09-01 17:08:54 ----A---- C:\Windows\system32\MRT.exe
2013-08-31 14:18:36 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iaStor.sys [2012-05-30 569152]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2013-07-03 39008]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2013-06-21 30496]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-27 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2013-07-03 30816]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-12-14 5353888]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
R3 LAD;Lenovo AOAC Driver; C:\Windows\system32\DRIVERS\LAD.sys [2012-01-13 8192]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-12-01 11417088]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-05-14 39712]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 SSCBFS3;SugarSync CallBack File System driver v3; C:\Windows\system32\DRIVERS\sscbfs3.sys [2013-01-30 347904]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-11-10 401456]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-07-01 31232]
R3 vuhub;Virtual Usb Hub; C:\Windows\system32\DRIVERS\vuhub.sys [2007-12-17 47616]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-12-08 618256]
R2 LenovoSmartConnectService;LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [2012-02-20 66608]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-06-20 23808]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-07-27 14984480]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-06-21 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-07-27 1889568]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-12-08 148752]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-07-08 4153184]
R2 UsbService;ASUS Virtual MFP Service; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-02-11 326144]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 594704]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-06-20 366600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11 257416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-12-14 277616]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-09-25 1064752]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-03 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe []
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2011-07-01 14848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-05 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Navlinks.com malware

Posted: 27 Sep 2013 14:35
by vyosek
Hello :)

:arrow: There is still plenty left in there :arcisit:

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement is shown; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested, it may take longer
  • After the scan finishes and after a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • A detailed walkthrough including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Navlinks.com malware

Posted: 27 Sep 2013 15:44
by martin11
Thanks for the help.

Rkill ran:

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/27/2013 04:36:49 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\vlczak\AppData\Local\Viber\Viber.exe (PID: 3816) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

1 out of 1 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 09/27/2013 04:37:03 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)




After running CF (as administrator), the files were unpacked (about 15 seconds) and then a message popped up which ended the program:
"Do not run ComboFix in Compatibility Mode. Doing so may damage the machine."
Image

Re: Navlinks.com malware

Posted: 27 Sep 2013 15:46
by vyosek
Then run CF just by double-clicking it, or try running it in Safe Mode

Re: Navlinks.com malware

Posted: 27 Sep 2013 15:51
by martin11
Double-clicking did not help, nor did Safe Mode, either with a double-click or as administrator. Still the same message

Re: Navlinks.com malware

Posted: 27 Sep 2013 16:04
by vyosek
Don't you have it set to run in compatibility mode :?:

Re: Navlinks.com malware

Posted: 27 Sep 2013 17:49
by martin11
Nope :( Image
I am googling and trying things, but it is still the same

Re: Navlinks.com malware

Posted: 27 Sep 2013 18:19
by vyosek
:arrow: Download the FRST 64-bit version from this page http://www.bleepingcomputer.com/downloa ... scan-tool/ and save it to the desktop, but do not run it

:arrow: Download FRSTLauncher http://vyosek.ic.cz/pro_usery/FRSTLauncher.exe

:arrow: After launching FRSTLauncher, FRST is initialized
  • After FRST starts, accept the license terms by clicking [Yes].
  • Also tick the Addition.txt item - see the picture.
    Image
  • Click the [Scan] button, which starts the scan.
  • Wait for FRST to finish scanning and for our add-on to create the additional information.
  • The text file FRST.txt opens; this is the requested log, and its contents go into your topic on the forum.
  • After the log is closed, FRSTLauncher exits and the FRST utility and two logs - FRST.txt and Addition.txt - remain on the Desktop - do not delete any of it yet!

:arrow: Paste the FRST.txt log into the topic; the Addition.txt log can be packed into an archive (RAR, ZIP...) and attached to your post.

Re: Navlinks.com malware

Posted: 27 Sep 2013 18:29
by martin11
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013
Ran by vlczak (administrator) on VLCZAK-PC on 27-09-2013 19:26:55
Running from C:\Users\vlczak\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSync.exe
(Zdenek Horak) C:\Program Files (x86)\Fii\Fii.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\vlczak\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8069024 2013-07-03] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6201248 2013-07-03] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Viber] - C:\Users\vlczak\AppData\Local\Viber\Viber.exe [906240 2013-05-08] ()
HKCU\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSync.exe [12419424 2013-06-26] (SugarSync, Inc.)
HKCU\...\Run: [Fii] - C:\Program Files (x86)\Fii\Fii.exe [100864 2013-08-09] (Zdenek Horak)
HKCU\...\Run: [Google Update] - C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-13] (Google Inc.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll, C:\PROGRA~1\NVIDIA~2\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll, C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.cz
FF NetworkProxy: "backup.ftp", "80.255.0.235"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "80.255.0.235"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "80.255.0.235"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "212.144.254.122"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "212.144.254.122"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.144.254.122"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "212.144.254.122"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\vlczak\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\vlczak\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\vlczak\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\vlczak\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\vlczak\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\vlczak\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @zoom.us/ZoomVideoPlugin - C:\Users\vlczak\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\alexa.xml
FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\goosh.xml
FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\pixmac-celebrity-search.xml
FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\pixmac-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\cookiemgr@jayapal.com
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\cs@dictionaries.addons.mozilla.org
FF Extension: SpiderPic Firefox Extension - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\extension@spiderpic.com
FF Extension: Firesheep - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\firesheep@codebutler.com
FF Extension: Rank Checker - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\jklir@volny.cz
FF Extension: Noia 2.0 eXtreme OPT - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\noia2_option@kk.noia
FF Extension: Cooliris - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\piclens@cooliris.com
FF Extension: pdfit - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\service@touchpdf.com
FF Extension: Sxipper - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\sxipper@sxip.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SEO Link Analysis - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{2c7bf5d2-2002-4912-95b2-7c2ee8a9ce7c}
FF Extension: Html Validator - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: AddThis - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF Extension: ColorZilla - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF Extension: Просмотр HTTP заголовков - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: Noia 2.0 (eXtreme) - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF Extension: Web Developer - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF Extension: SearchStatus - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF Extension: Page Speed - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF Extension: User Agent Switcher - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF Extension: HttpRequester - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{ea4637dc-e014-4c17-9c2c-879322d23268}
FF Extension: firebug - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: highlight-elements_selenium-ide - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\highlight-elements_selenium-ide@Samit.Badle.xpi
FF Extension: NoiaFoxoption - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\NoiaFoxoption@davidvincent.tld.xpi
FF Extension: seo - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\seo@profesional.xpi
FF Extension: SQLiteManager - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
FF Extension: togglepersona - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\togglepersona@davidvincent.tld.xpi
FF Extension: wavetoolbar - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\wavetoolbar@webaim.org.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{db0832f2-613f-4afb-8b6a-155fe76eb32e}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.cz/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Extension: (SEO Profesional Toolbar) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\adecfhccdknoobplgempjhbojlbpahhn\1.3.0_0
CHR Extension: (Dev HTTP Client) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm\0.6.9.12_0
CHR Extension: (SEOquake) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.17.1_0
CHR Extension: (Google Docs) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (MindMeister) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0
CHR Extension: (Teambox Notifier) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blfkecebibijeelilkopkpjciolpllka\1.1.3_0
CHR Extension: (YouTube) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Solitaire) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpebaehgfgkcmmjjknibibbjacnplim\1.4.4_0
CHR Extension: (Alexa Traffic Rank) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0
CHR Extension: (Google Search) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Tampermonkey) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.4.3568.10_0
CHR Extension: (Edit This Cookie) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.2.1_0
CHR Extension: (XML Tree) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb\1.9.2.1_0
CHR Extension: (PDFescape Free PDF Editor) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl\0.21_0
CHR Extension: (MagicScroll eBook Reader) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0
CHR Extension: (PageRank Status) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.4.0.0_0
CHR Extension: (Rank Checker) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhleeodcddckbbnpedmkkcpbhffpolb\1.9.0_0
CHR Extension: (Tag Assistant (by Google)) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk\0.9.37_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0
CHR Extension: (Pivotal Tracker Mod) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbaadmlojgojbjjfhcahfjncnmpbefk\1.0.1_0
CHR Extension: (Gmail) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Majestic SEO Backlink Analyzer) - C:\Users\vlczak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg\1.0_0

==================== Services (Whitelisted) =================

R2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-07-01] ()
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [326144 2010-02-11] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-13] (TODO: <Company name>)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-17] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-27 19:26 - 2013-09-27 19:26 - 00000000 ____D C:\FRST
2013-09-27 19:26 - 2013-09-27 17:12 - 00014527 _____ C:\Users\vlczak\Desktop\LM.bat
2013-09-27 19:25 - 2013-09-27 19:25 - 01953854 _____ (Farbar) C:\Users\vlczak\Desktop\FRST64.exe
2013-09-27 19:25 - 2013-09-27 19:25 - 00268550 _____ (forum.viry.cz) C:\Users\vlczak\Desktop\FRSTLauncher.exe
2013-09-27 19:16 - 2013-09-27 19:16 - 00179968 _____ (Kaspersky Lab) C:\Users\vlczak\Desktop\kss12.0.1.117mlg_en_ru_fr_de.exe
2013-09-27 18:59 - 2013-09-27 19:00 - 27771840 _____ (SUPERAntiSpyware) C:\Users\vlczak\Desktop\SUPERAntiSpyware.exe
2013-09-27 18:46 - 2013-09-27 18:46 - 00003536 ____N C:\bootsqm.dat
2013-09-27 18:44 - 2013-09-27 18:44 - 00000000 __SHD C:\found.001
2013-09-27 14:51 - 2013-09-27 14:51 - 00000000 ____D C:\rsit
2013-09-27 14:51 - 2013-09-27 14:51 - 00000000 ____D C:\Program Files\trend micro
2013-09-27 14:50 - 2013-09-27 14:50 - 00935175 _____ C:\Users\vlczak\Desktop\RSITx64.exe
2013-09-27 14:49 - 2013-09-27 15:53 - 131918888 _____ C:\Users\vlczak\Desktop\avast_free_antivirus_setup.exe
2013-09-27 14:44 - 2013-09-27 14:46 - 00000000 ____D C:\AdwCleaner
2013-09-27 14:43 - 2013-09-27 14:43 - 00000031 _____ C:\Windows\¨@‚
2013-09-27 14:43 - 2013-09-27 14:43 - 00000000 ____D C:\ProgramData\Weskysoft
2013-09-27 14:42 - 2013-09-27 14:43 - 01042066 _____ C:\Users\vlczak\Desktop\adwcleaner.exe
2013-09-27 14:25 - 2013-09-27 14:25 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-09-27 14:11 - 2013-09-27 18:47 - 00004172 _____ C:\Users\vlczak\Desktop\Rkill.txt
2013-09-27 14:11 - 2013-09-27 14:11 - 00000000 ____D C:\Users\vlczak\Desktop\rkill
2013-09-27 14:10 - 2013-09-27 14:10 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\vlczak\Desktop\rkill.com
2013-09-27 14:03 - 2013-09-27 18:48 - 00000000 ___SD C:\32788R22FWJFW
2013-09-27 14:03 - 2013-09-27 14:03 - 00000000 ____D C:\Windows\erdnt
2013-09-27 14:02 - 2013-09-27 14:02 - 05129766 ____R (Swearware) C:\Users\vlczak\Desktop\ComboFix.exe
2013-09-27 08:34 - 2013-09-27 08:34 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Malwarebytes
2013-09-27 08:34 - 2013-09-27 08:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-27 08:18 - 2013-09-27 08:19 - 21743240 _____ (Microsoft Corporation) C:\Users\vlczak\Desktop\Windows-KB890830-x64-V5.4.exe
2013-09-27 08:17 - 2010-04-06 10:52 - 31971272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2013-09-26 22:37 - 2013-09-27 18:46 - 00001008 _____ C:\Windows\setupact.log
2013-09-26 22:37 - 2013-09-26 22:37 - 00000000 _____ C:\Windows\setuperr.log
2013-09-26 21:38 - 2013-09-26 21:38 - 00000000 _____ C:\autoexec.bat
2013-09-26 21:37 - 2013-09-26 21:37 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-26 21:35 - 2013-09-27 08:06 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-26 10:05 - 2013-09-26 10:05 - 00000000 ____D C:\Program Files (x86)\MySQL
2013-09-25 20:59 - 2013-09-26 09:54 - 00000156 _____ C:\Windows\ODBC.INI
2013-09-25 20:37 - 2013-09-26 10:05 - 00000493 _____ C:\Windows\ODBCINST.INI
2013-09-25 20:37 - 2013-09-25 20:37 - 00000000 ____D C:\Program Files\MySQL
2013-09-25 20:33 - 2013-09-25 20:33 - 00000000 ____D C:\Program Files (x86)\psqlODBC
2013-09-25 20:26 - 2013-09-25 20:26 - 00000000 ____D C:\Users\vlczak\Documents\My Tableau Repository
2013-09-25 20:26 - 2013-09-25 20:26 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-25 20:25 - 2013-09-25 20:25 - 00000000 ____D C:\Program Files (x86)\Tableau
2013-09-24 12:59 - 2013-09-24 12:59 - 00003941 _____ C:\Users\vlczak\AppData\Local\recently-used.xbel
2013-09-24 10:10 - 2013-09-24 10:10 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2013-09-23 14:33 - 2013-09-23 14:34 - 03301129 _____ C:\Users\vlczak\Desktop\moravcovah1-130923071050-phpapp02.pptx
2013-09-19 15:13 - 2013-09-19 15:35 - 00119966 _____ C:\Users\vlczak\Desktop\p5-com-download-da2673af-948f-433b-94da-9f659c19c2a7.csv
2013-09-19 14:54 - 2013-09-19 14:54 - 00123884 _____ C:\Users\vlczak\Desktop\stock-footage-download-06b25483-41b9-46ab-8faa-6bf89fc297e1.csv
2013-09-13 14:42 - 2013-09-13 14:51 - 00050601 _____ C:\Users\vlczak\Desktop\P5 SEO dashboard.xlsx
2013-09-12 16:31 - 2013-09-13 10:17 - 00024186 _____ C:\Users\vlczak\Desktop\CCN.xlsx
2013-09-12 15:50 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 15:50 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 15:50 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 15:50 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 15:50 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 15:50 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 15:50 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 15:50 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 15:50 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 15:50 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 15:50 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 15:50 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 15:50 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 15:50 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 15:50 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 15:50 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 15:50 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 15:50 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 15:50 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 15:50 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 15:50 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 15:43 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 15:43 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 15:43 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 15:43 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 15:43 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 15:43 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 15:43 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 15:43 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 15:43 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 15:43 - 2013-08-02 04:13 - 01161216 _____ C:\Windows\system32\kernel32.dll
2013-09-12 15:43 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 15:43 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 15:43 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 15:43 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 15:43 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 15:43 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 15:43 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 15:43 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 15:43 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 15:43 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 15:43 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 15:43 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 15:43 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 15:43 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 15:43 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 15:43 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 15:43 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-12 14:48 - 2013-09-16 11:57 - 00000529 _____ C:\Windows\mp3tageditor.INI
2013-09-12 14:12 - 2013-09-12 14:32 - 00000000 ____D C:\Program Files (x86)\Reezaa MP3 Tag Editor
2013-09-10 17:32 - 2013-09-10 17:32 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-09-10 17:31 - 2013-09-10 17:31 - 00000000 ____D C:\Users\vlczak\AppData\Local\Citrix
2013-09-10 13:03 - 2013-09-10 13:05 - 00000000 ____D C:\Users\vlczak\Desktop\Reality DB_files
2013-09-09 14:54 - 2013-09-09 14:54 - 00000000 ____D C:\Program Files (x86)\Xenu
2013-09-09 11:22 - 2013-09-09 11:22 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google AdWords Editor
2013-09-09 11:20 - 2013-09-27 08:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-01 13:58 - 2013-09-01 13:58 - 08229864 _____ C:\Users\vlczak\Desktop\geoip.csv
2013-08-28 14:47 - 2013-08-28 14:47 - 02663631 _____ C:\Users\vlczak\Desktop\Global Pages.pptx
2013-08-28 14:47 - 2013-08-28 14:47 - 00030525 _____ C:\Users\vlczak\Desktop\Global Pages setup.xlsx

==================== One Month Modified Files and Folders =======

2013-09-27 19:26 - 2013-09-27 19:26 - 00000000 ____D C:\FRST
2013-09-27 19:25 - 2013-09-27 19:25 - 01953854 _____ (Farbar) C:\Users\vlczak\Desktop\FRST64.exe
2013-09-27 19:25 - 2013-09-27 19:25 - 00268550 _____ (forum.viry.cz) C:\Users\vlczak\Desktop\FRSTLauncher.exe
2013-09-27 19:16 - 2013-09-27 19:16 - 00179968 _____ (Kaspersky Lab) C:\Users\vlczak\Desktop\kss12.0.1.117mlg_en_ru_fr_de.exe
2013-09-27 19:08 - 2013-07-03 22:34 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-27 19:04 - 2013-07-18 14:59 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000UA.job
2013-09-27 19:00 - 2013-09-27 18:59 - 27771840 _____ (SUPERAntiSpyware) C:\Users\vlczak\Desktop\SUPERAntiSpyware.exe
2013-09-27 18:54 - 2013-07-03 22:24 - 01429344 _____ C:\Windows\WindowsUpdate.log
2013-09-27 18:54 - 2011-04-12 10:34 - 00666656 _____ C:\Windows\system32\perfh005.dat
2013-09-27 18:54 - 2011-04-12 10:34 - 00140320 _____ C:\Windows\system32\perfc005.dat
2013-09-27 18:54 - 2009-07-14 07:13 - 01577410 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-27 18:53 - 2009-07-14 06:45 - 00022560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-27 18:53 - 2009-07-14 06:45 - 00022560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-27 18:48 - 2013-09-27 14:03 - 00000000 ___SD C:\32788R22FWJFW
2013-09-27 18:47 - 2013-09-27 14:11 - 00004172 _____ C:\Users\vlczak\Desktop\Rkill.txt
2013-09-27 18:46 - 2013-09-27 18:46 - 00003536 ____N C:\bootsqm.dat
2013-09-27 18:46 - 2013-09-26 22:37 - 00001008 _____ C:\Windows\setupact.log
2013-09-27 18:46 - 2013-07-04 09:02 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\ViberPC
2013-09-27 18:46 - 2013-07-04 09:02 - 00000000 ____D C:\Users\vlczak\AppData\Local\Viber
2013-09-27 18:46 - 2013-07-03 22:34 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-27 18:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-27 18:44 - 2013-09-27 18:44 - 00000000 __SHD C:\found.001
2013-09-27 18:39 - 2013-08-02 09:41 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-27 17:12 - 2013-09-27 19:26 - 00014527 _____ C:\Users\vlczak\Desktop\LM.bat
2013-09-27 15:53 - 2013-09-27 14:49 - 131918888 _____ C:\Users\vlczak\Desktop\avast_free_antivirus_setup.exe
2013-09-27 15:04 - 2013-07-18 14:59 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000Core.job
2013-09-27 14:51 - 2013-09-27 14:51 - 00000000 ____D C:\rsit
2013-09-27 14:51 - 2013-09-27 14:51 - 00000000 ____D C:\Program Files\trend micro
2013-09-27 14:50 - 2013-09-27 14:50 - 00935175 _____ C:\Users\vlczak\Desktop\RSITx64.exe
2013-09-27 14:46 - 2013-09-27 14:44 - 00000000 ____D C:\AdwCleaner
2013-09-27 14:43 - 2013-09-27 14:43 - 00000031 _____ C:\Windows\¨@‚
2013-09-27 14:43 - 2013-09-27 14:43 - 00000000 ____D C:\ProgramData\Weskysoft
2013-09-27 14:43 - 2013-09-27 14:42 - 01042066 _____ C:\Users\vlczak\Desktop\adwcleaner.exe
2013-09-27 14:38 - 2013-07-03 23:00 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\DAEMON Tools Lite
2013-09-27 14:25 - 2013-09-27 14:25 - 00000000 ____D C:\Program Files (x86)\DLLSuite
2013-09-27 14:11 - 2013-09-27 14:11 - 00000000 ____D C:\Users\vlczak\Desktop\rkill
2013-09-27 14:10 - 2013-09-27 14:10 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\vlczak\Desktop\rkill.com
2013-09-27 14:03 - 2013-09-27 14:03 - 00000000 ____D C:\Windows\erdnt
2013-09-27 14:03 - 2013-07-04 09:09 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Skype
2013-09-27 14:02 - 2013-09-27 14:02 - 05129766 ____R (Swearware) C:\Users\vlczak\Desktop\ComboFix.exe
2013-09-27 13:42 - 2013-07-31 21:35 - 00000600 _____ C:\Users\vlczak\AppData\Roaming\winscp.rnd
2013-09-27 11:32 - 2013-07-31 19:06 - 00000000 ____D C:\Program Files\WinSCP
2013-09-27 08:34 - 2013-09-27 08:34 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Malwarebytes
2013-09-27 08:34 - 2013-09-27 08:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-27 08:19 - 2013-09-27 08:18 - 21743240 _____ (Microsoft Corporation) C:\Users\vlczak\Desktop\Windows-KB890830-x64-V5.4.exe
2013-09-27 08:13 - 2013-09-09 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 08:06 - 2013-09-26 21:35 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
2013-09-26 22:37 - 2013-09-26 22:37 - 00000000 _____ C:\Windows\setuperr.log
2013-09-26 21:52 - 2013-08-08 08:32 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\TS3Client
2013-09-26 21:52 - 2013-07-04 10:21 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Winamp
2013-09-26 21:38 - 2013-09-26 21:38 - 00000000 _____ C:\autoexec.bat
2013-09-26 21:37 - 2013-09-26 21:37 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-26 21:36 - 2013-07-03 23:20 - 00000000 ____D C:\Windows\Panther
2013-09-26 10:05 - 2013-09-26 10:05 - 00000000 ____D C:\Program Files (x86)\MySQL
2013-09-26 10:05 - 2013-09-25 20:37 - 00000493 _____ C:\Windows\ODBCINST.INI
2013-09-26 09:54 - 2013-09-25 20:59 - 00000156 _____ C:\Windows\ODBC.INI
2013-09-26 08:53 - 2013-07-03 23:54 - 00000000 ____D C:\Users\vlczak\AppData\Local\Digsby
2013-09-25 20:37 - 2013-09-25 20:37 - 00000000 ____D C:\Program Files\MySQL
2013-09-25 20:33 - 2013-09-25 20:33 - 00000000 ____D C:\Program Files (x86)\psqlODBC
2013-09-25 20:26 - 2013-09-25 20:26 - 00000000 ____D C:\Users\vlczak\Documents\My Tableau Repository
2013-09-25 20:26 - 2013-09-25 20:26 - 00000000 ____D C:\ProgramData\FLEXnet
2013-09-25 20:25 - 2013-09-25 20:25 - 00000000 ____D C:\Program Files (x86)\Tableau
2013-09-24 20:48 - 2013-07-24 14:40 - 00000600 _____ C:\Users\vlczak\AppData\Local\PUTTY.RND
2013-09-24 12:59 - 2013-09-24 12:59 - 00003941 _____ C:\Users\vlczak\AppData\Local\recently-used.xbel
2013-09-24 12:59 - 2013-07-16 18:39 - 00000000 ____D C:\Users\vlczak\.gimp-2.8
2013-09-24 10:10 - 2013-09-24 10:10 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2013-09-23 14:34 - 2013-09-23 14:33 - 03301129 _____ C:\Users\vlczak\Desktop\moravcovah1-130923071050-phpapp02.pptx
2013-09-19 15:35 - 2013-09-19 15:13 - 00119966 _____ C:\Users\vlczak\Desktop\p5-com-download-da2673af-948f-433b-94da-9f659c19c2a7.csv
2013-09-19 14:54 - 2013-09-19 14:54 - 00123884 _____ C:\Users\vlczak\Desktop\stock-footage-download-06b25483-41b9-46ab-8faa-6bf89fc297e1.csv
2013-09-19 08:20 - 2013-07-03 23:20 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Mozilla
2013-09-17 08:35 - 2013-07-18 14:10 - 00000000 ____D C:\Users\vlczak\.android
2013-09-16 21:33 - 2013-07-18 14:22 - 00000000 ____D C:\Program Files (x86)\Universal Adb Driver
2013-09-16 19:35 - 2013-08-26 14:28 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2013-09-16 11:57 - 2013-09-12 14:48 - 00000529 _____ C:\Windows\mp3tageditor.INI
2013-09-14 13:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 14:51 - 2013-09-13 14:42 - 00050601 _____ C:\Users\vlczak\Desktop\P5 SEO dashboard.xlsx
2013-09-13 10:17 - 2013-09-12 16:31 - 00024186 _____ C:\Users\vlczak\Desktop\CCN.xlsx
2013-09-12 18:33 - 2013-07-03 22:25 - 00000000 ___RD C:\Users\vlczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 18:33 - 2013-07-03 22:25 - 00000000 ___RD C:\Users\vlczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 18:32 - 2013-07-03 23:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-12 18:32 - 2009-07-14 06:45 - 00355040 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 15:50 - 2013-07-16 08:24 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 15:46 - 2013-07-03 23:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 14:32 - 2013-09-12 14:12 - 00000000 ____D C:\Program Files (x86)\Reezaa MP3 Tag Editor
2013-09-11 11:10 - 2013-07-04 10:47 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\WinRAR
2013-09-11 08:39 - 2013-08-02 09:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 08:39 - 2013-08-02 09:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 08:39 - 2013-08-02 09:41 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-10 18:29 - 2013-07-04 09:43 - 00000000 ____D C:\Users\vlczak\AppData\Local\SugarSync
2013-09-10 17:32 - 2013-09-10 17:32 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-09-10 17:31 - 2013-09-10 17:31 - 00000000 ____D C:\Users\vlczak\AppData\Local\Citrix
2013-09-10 13:05 - 2013-09-10 13:03 - 00000000 ____D C:\Users\vlczak\Desktop\Reality DB_files
2013-09-09 14:54 - 2013-09-09 14:54 - 00000000 ____D C:\Program Files (x86)\Xenu
2013-09-09 11:22 - 2013-09-09 11:22 - 00000000 ____D C:\Users\vlczak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google AdWords Editor
2013-09-03 21:12 - 2012-08-24 14:10 - 00000000 ____D C:\xampp
2013-09-01 17:08 - 2013-07-05 14:43 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-01 13:58 - 2013-09-01 13:58 - 08229864 _____ C:\Users\vlczak\Desktop\geoip.csv
2013-08-31 14:18 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-28 14:47 - 2013-08-28 14:47 - 02663631 _____ C:\Users\vlczak\Desktop\Global Pages.pptx
2013-08-28 14:47 - 2013-08-28 14:47 - 00030525 _____ C:\Users\vlczak\Desktop\Global Pages setup.xlsx

Some content of TEMP:
====================
C:\Users\vlczak\AppData\Local\Temp\bitool.dll
C:\Users\vlczak\AppData\Local\Temp\Quarantine.exe
C:\Users\vlczak\AppData\Local\Temp\SHSetup.exe
C:\Users\vlczak\AppData\Local\Temp\temp~.DLL
C:\Users\vlczak\AppData\Local\Temp\temp~.EXE


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 10:01




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:147.03 GB) (Free:40.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:506.41 GB) (Free:82.24 GB) NTFS
Drive e: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.9 GB) NTFS
Drive s: (SugarSync Drive) (Fixed) (Total:7.38 GB) (Free:2.22 GB) FAT32

Available physical RAM: 4868.88 MB
Total physical RAM: 8053.2 MB
Percentage of memory in use: 39%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: A8361830)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A8361834)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=12)
Partition 4: (Not Active) - (Size=532 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000Core.job => C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000UA.job => C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Update
C:\Program Files (x86)\Lenovo\Lenovo Smart Update\SmartUpdate.exe -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================

Re: Navlinks.com malware

Posted: 28 Sep 2013 00:34
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKCU\...\Run: [Viber] - C:\Users\vlczak\AppData\Local\Viber\Viber.exe [906240 2013-05-08] ()
    HKCU\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSync.exe [12419424 2013-06-26] (SugarSync, Inc.)
    HKCU\...\Run: [Fii] - C:\Program Files (x86)\Fii\Fii.exe [100864 2013-08-09] (Zdenek Horak)
    HKCU\...\Run: [Google Update] - C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-13] (Google Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    
    FF NetworkProxy: "backup.ftp", "80.255.0.235"
    FF NetworkProxy: "backup.ftp_port", 3128
    FF NetworkProxy: "backup.socks", "80.255.0.235"
    FF NetworkProxy: "backup.socks_port", 3128
    FF NetworkProxy: "backup.ssl", "80.255.0.235"
    FF NetworkProxy: "backup.ssl_port", 3128
    FF NetworkProxy: "ftp", "212.144.254.122"
    FF NetworkProxy: "ftp_port", 3128
    FF NetworkProxy: "http", "212.144.254.122"
    FF NetworkProxy: "http_port", 3128
    FF NetworkProxy: "share_proxy_settings", true
    FF NetworkProxy: "socks", "212.144.254.122"
    FF NetworkProxy: "socks_port", 3128
    FF NetworkProxy: "ssl", "212.144.254.122"
    FF NetworkProxy: "ssl_port", 3128
    FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\alexa.xml
    FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\goosh.xml
    FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\pixmac-celebrity-search.xml
    FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\pixmac-search.xml
    FF Extension: Просмотр HTTP заголовков - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
    FF Extension: SearchStatus - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    FF Extension: Page Speed - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    FF Extension: wavetoolbar - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\wavetoolbar@webaim.org.xpi
    FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
    FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi
    FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{db0832f2-613f-4afb-8b6a-155fe76eb32e}.xpi
    FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}.xpi
    FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi
    
    2013-09-27 19:26 - 2013-09-27 17:12 - 00014527 _____ C:\Users\vlczak\Desktop\LM.bat
    2013-09-27 19:16 - 2013-09-27 19:16 - 00179968 _____ (Kaspersky Lab) C:\Users\vlczak\Desktop\kss12.0.1.117mlg_en_ru_fr_de.exe
    2013-09-27 18:44 - 2013-09-27 18:44 - 00000000 __SHD C:\found.001
    2013-09-27 14:43 - 2013-09-27 14:43 - 00000031 _____ C:\Windows\¨@‚
    2013-09-26 21:37 - 2013-09-26 21:37 - 00000000 ____D C:\Program Files\Enigma Software Group
    2013-09-26 21:35 - 2013-09-27 08:06 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
    
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000Core.job => C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000UA.job => C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Update" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
    
    Hosts:
    CMD: shutdown /r /f /t 2
    End
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create a log, Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: Navlinks.com malware

Posted: 28 Sep 2013 08:37
by martin11
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013
Ran by vlczak at 2013-09-28 09:36:16 Run:1
Running from C:\Users\vlczak\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [Viber] - C:\Users\vlczak\AppData\Local\Viber\Viber.exe [906240 2013-05-08] ()
HKCU\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSync.exe [12419424 2013-06-26] (SugarSync, Inc.)
HKCU\...\Run: [Fii] - C:\Program Files (x86)\Fii\Fii.exe [100864 2013-08-09] (Zdenek Horak)
HKCU\...\Run: [Google Update] - C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-13] (Google Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

FF NetworkProxy: "backup.ftp", "80.255.0.235"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "80.255.0.235"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "80.255.0.235"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "212.144.254.122"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "212.144.254.122"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.144.254.122"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "212.144.254.122"
FF NetworkProxy: "ssl_port", 3128
FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\alexa.xml
FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\goosh.xml
FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\pixmac-celebrity-search.xml
FF SearchPlugin: C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\pixmac-search.xml
FF Extension: Просмотр HTTP заголовков - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: SearchStatus - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF Extension: Page Speed - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF Extension: wavetoolbar - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\wavetoolbar@webaim.org.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{db0832f2-613f-4afb-8b6a-155fe76eb32e}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}.xpi
FF Extension: No Name - C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi

2013-09-27 19:26 - 2013-09-27 17:12 - 00014527 _____ C:\Users\vlczak\Desktop\LM.bat
2013-09-27 19:16 - 2013-09-27 19:16 - 00179968 _____ (Kaspersky Lab) C:\Users\vlczak\Desktop\kss12.0.1.117mlg_en_ru_fr_de.exe
2013-09-27 18:44 - 2013-09-27 18:44 - 00000000 __SHD C:\found.001
2013-09-27 14:43 - 2013-09-27 14:43 - 00000031 _____ C:\Windows\¨@‚
2013-09-26 21:37 - 2013-09-26 21:37 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-26 21:35 - 2013-09-27 08:06 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000Core.job => C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000UA.job => C:\Users\vlczak\AppData\Local\Google\Update\GoogleUpdate.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f

Hosts:
CMD: shutdown /r /f /t 2
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Viber => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SugarSync => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Fii => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\alexa.xml => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\goosh.xml => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\pixmac-celebrity-search.xml => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\searchplugins\pixmac-search.xml => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\wavetoolbar@webaim.org.xpi => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{db0832f2-613f-4afb-8b6a-155fe76eb32e}.xpi => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}.xpi => Moved successfully.
C:\Users\vlczak\AppData\Roaming\Mozilla\Firefox\Profiles\lrg2vqjr.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi => Moved successfully.
"C:\Users\vlczak\Desktop\LM.bat" => File/Directory not found.
C:\Users\vlczak\Desktop\kss12.0.1.117mlg_en_ru_fr_de.exe => Moved successfully.
C:\found.001 => Moved successfully.
C:\Windows\¨@‚ => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1092485543-279616468-1922850246-1000UA.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart Update" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

Re: Navlinks.com malware

Posted: 28 Sep 2013 08:48
by vyosek
:arrow: Download Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe
  • Save it, preferably to the Desktop
  • Run it and confirm with Yes to confirm the reinstallation of the services
  • Then click Yes to confirm the PC restart
  • A folder named CC Support will be created on the Desktop; find the log SvcRepair.txt there - it should be CC Support\Logs\SvcRepair.txt - and paste it here for me
:arrow: Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it, preferably to the Desktop
  • Tick the checkbox of every item (that marks them for scanning)
  • Click Scan
  • When the scan finishes, a log FSS.txt appears; paste it here

Re: Navlinks.com malware

Posted: 28 Sep 2013 10:04
by martin11
Log Opened: 2013-09-28 @ 11:03:18
11:03:18 - -----------------
11:03:18 - | Begin Logging |
11:03:18 - -----------------
11:03:18 - Fix started on a WIN_7 X64 computer
11:03:18 - Prep in progress. Please Wait.
11:03:19 - Prep complete
11:03:19 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
11:03:20 - Services Repair Complete.
11:03:24 - Reboot Initiated

Re: Navlinks.com malware

Posted: 28 Sep 2013 10:06
by martin11
Farbar Service Scanner Version: 13-09-2013
Ran by vlczak (administrator) on 28-09-2013 at 11:05:56
Running from "C:\Users\vlczak\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
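
The FSS log above reports two things a reviewer would act on even though every file hash checked out: the WinDefend start type differs from its default, and a DisableAntiSpyware=1 policy value is still present. The following is an added example (not part of this thread and not code from Farbar Service Scanner) that parses an FSS-style log into such findings automatically. The input is a constructed excerpt modelled on the posted log, with one "MD5 is not legit" line added so that the file-check branch is exercised; the section titles and sentence shapes are taken from the log as posted.

```python
"""Parse a Farbar Service Scanner (FSS) log and pull out the findings a reviewer
would act on: start types that differ from the default, services not running,
'Disabled Policy' registry values, and files whose hash is not known-good.
Added example; not part of the thread and not FSS's own code."""
import re

# Constructed excerpt modelled on the FSS log posted above. The svchost.exe
# "not legit" line is constructed to exercise the file-check branch.
SAMPLE_FSS_LOG = """\
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\\Windows\\System32\\wscsvc.dll => MD5 is legit
C:\\Windows\\System32\\svchost.exe => MD5 is not legit
"""

START_TYPE_RE = re.compile(
    r"The start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\."
)
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running")
POLICY_KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
POLICY_VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_CHECK_RE = re.compile(r"^(.+?) => MD5 is (legit|not legit)$")


def split_sections(text):
    """Return {section_title: [non-empty lines]} for an FSS log.

    A section title is a line ending in ':' whose next line is an '====' underline."""
    sections, current = {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and re.fullmatch(r"=+", nxt):
            current = line[:-1]
            sections[current] = []
        elif current is not None and line.strip() and not re.fullmatch(r"=+", line):
            sections[current].append(line)
    return sections


def analyse_fss_log(text):
    """Return a list of (severity, message) findings extracted from an FSS log."""
    findings = []
    for title, lines in split_sections(text).items():
        key = None  # most recent registry key seen in this section
        for line in lines:
            m = START_TYPE_RE.search(line)
            if m and m.group(2) != m.group(3):
                findings.append(("warn", f"{m.group(1)}: start type {m.group(2)}, default {m.group(3)}"))
                continue
            m = NOT_RUNNING_RE.match(line)
            if m:
                findings.append(("info", f"{m.group(1)}: service not running"))
                continue
            m = POLICY_KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = POLICY_VALUE_RE.match(line)
            if m and title.endswith("Disabled Policy") and m.group(2) != "0":
                # A non-zero value under a "Disabled Policy" heading is the signal FSS reports.
                findings.append(("high", f"{title}: {key}\\{m.group(1)}={m.group(2)}"))
                continue
            m = FILE_CHECK_RE.match(line)
            if m and m.group(2) == "not legit":
                findings.append(("high", f"File Check: {m.group(1)} hash does not match a known-good version"))
    return findings


if __name__ == "__main__":
    for severity, message in analyse_fss_log(SAMPLE_FSS_LOG):
        print(f"[{severity}] {message}")
```

Run against the constructed sample, the script reports the WinDefend service as not running, its Demand start type against the Auto default, the DisableAntiSpyware=1 policy value, and the constructed svchost.exe hash mismatch; on the log actually posted above only the first three would appear.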

Re: Navlinks.com malware

Posted: 28 Sep 2013 20:56
by vyosek
So let's clean up a bit more :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to flag this utility as a virus by mistake - it is a false positive - so download it without worry (if necessary, turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools tab
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :|