VIRY.CZ

PLS RSIT LOG:Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2014-08-31 15:33:57
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 598 GB (84%) free of 715 GB
Total RAM: 4091 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:34:11, on 31.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Users\User\AppData\Local\FirmwareOfficeRecycle\IconInterpreterOpen.exe
C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Gaming Keyboard\OSD.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:40685
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 216.239.32.20 google.com
O1 - Hosts: 216.239.32.20 google.com www.google.ad
O1 - Hosts: 216.239.32.20 google.com www.google.ae
O1 - Hosts: 216.239.32.20 google.com www.google.com.af
O1 - Hosts: 216.239.32.20 google.com www.google.com.ag
O1 - Hosts: 216.239.32.20 google.com www.google.com.ai
O1 - Hosts: 216.239.32.20 google.com www.google.al
O1 - Hosts: 216.239.32.20 google.com www.google.am
O1 - Hosts: 216.239.32.20 google.com www.google.co.ao
O1 - Hosts: 216.239.32.20 google.com www.google.com.ar
O1 - Hosts: 216.239.32.20 google.com www.google.as
O1 - Hosts: 216.239.32.20 google.com www.google.at
O1 - Hosts: 216.239.32.20 google.com www.google.com.au
O1 - Hosts: 216.239.32.20 google.com www.google.az
O1 - Hosts: 216.239.32.20 google.com www.google.ba
O1 - Hosts: 216.239.32.20 google.com www.google.com.bd
O1 - Hosts: 216.239.32.20 google.com www.google.be
O1 - Hosts: 216.239.32.20 google.com www.google.bf
O1 - Hosts: 216.239.32.20 google.com www.google.bg
O1 - Hosts: 216.239.32.20 google.com www.google.com.bh
O1 - Hosts: 216.239.32.20 google.com www.google.bi
O1 - Hosts: 216.239.32.20 google.com www.google.bj
O1 - Hosts: 216.239.32.20 google.com www.google.com.bn
O1 - Hosts: 216.239.32.20 google.com www.google.com.bo
O1 - Hosts: 216.239.32.20 google.com www.google.com.br
O1 - Hosts: 216.239.32.20 google.com www.google.bs
O1 - Hosts: 216.239.32.20 google.com www.google.bt
O1 - Hosts: 216.239.32.20 google.com www.google.co.bw
O1 - Hosts: 216.239.32.20 google.com www.google.by
O1 - Hosts: 216.239.32.20 google.com www.google.com.bz
O1 - Hosts: 216.239.32.20 google.com www.google.ca
O1 - Hosts: 216.239.32.20 google.com www.google.cd
O1 - Hosts: 216.239.32.20 google.com www.google.cf
O1 - Hosts: 216.239.32.20 google.com www.google.cg
O1 - Hosts: 216.239.32.20 google.com www.google.ch
O1 - Hosts: 216.239.32.20 google.com www.google.ci
O1 - Hosts: 216.239.32.20 google.com www.google.co.ck
O1 - Hosts: 216.239.32.20 google.com www.google.cl
O1 - Hosts: 216.239.32.20 google.com www.google.cm
O1 - Hosts: 216.239.32.20 google.com www.google.cn
O1 - Hosts: 216.239.32.20 google.com www.google.com.co
O1 - Hosts: 216.239.32.20 google.com www.google.co.cr
O1 - Hosts: 216.239.32.20 google.com www.google.com.cu
O1 - Hosts: 216.239.32.20 google.com www.google.cv
O1 - Hosts: 216.239.32.20 google.com www.google.com.cy
O1 - Hosts: 216.239.32.20 google.com www.google.cz
O1 - Hosts: 216.239.32.20 google.com www.google.de
O1 - Hosts: 216.239.32.20 google.com www.google.dj
O1 - Hosts: 216.239.32.20 google.com www.google.dk
O1 - Hosts: 216.239.32.20 google.com www.google.dm
O1 - Hosts: 216.239.32.20 google.com www.google.com.do
O1 - Hosts: 216.239.32.20 google.com www.google.dz
O1 - Hosts: 216.239.32.20 google.com www.google.com.ec
O1 - Hosts: 216.239.32.20 google.com www.google.ee
O1 - Hosts: 216.239.32.20 google.com www.google.com.eg
O1 - Hosts: 216.239.32.20 google.com www.google.es
O1 - Hosts: 216.239.32.20 google.com www.google.com.et
O1 - Hosts: 216.239.32.20 google.com www.google.fi
O1 - Hosts: 216.239.32.20 google.com www.google.com.fj
O1 - Hosts: 216.239.32.20 google.com www.google.fm
O1 - Hosts: 216.239.32.20 google.com www.google.fr
O1 - Hosts: 216.239.32.20 google.com www.google.ga
O1 - Hosts: 216.239.32.20 google.com www.google.ge
O1 - Hosts: 216.239.32.20 google.com www.google.gg
O1 - Hosts: 216.239.32.20 google.com www.google.com.gh
O1 - Hosts: 216.239.32.20 google.com www.google.com.gi
O1 - Hosts: 216.239.32.20 google.com www.google.gl
O1 - Hosts: 216.239.32.20 google.com www.google.gm
O1 - Hosts: 216.239.32.20 google.com www.google.gp
O1 - Hosts: 216.239.32.20 google.com www.google.gr
O1 - Hosts: 216.239.32.20 google.com www.google.com.gt
O1 - Hosts: 216.239.32.20 google.com www.google.gy
O1 - Hosts: 216.239.32.20 google.com www.google.com.hk
O1 - Hosts: 216.239.32.20 google.com www.google.hn
O1 - Hosts: 216.239.32.20 google.com www.google.hr
O1 - Hosts: 216.239.32.20 google.com www.google.ht
O1 - Hosts: 216.239.32.20 google.com www.google.hu
O1 - Hosts: 216.239.32.20 google.com www.google.co.id
O1 - Hosts: 216.239.32.20 google.com www.google.ie
O1 - Hosts: 216.239.32.20 google.com www.google.co.il
O1 - Hosts: 216.239.32.20 google.com www.google.im
O1 - Hosts: 216.239.32.20 google.com www.google.co.in
O1 - Hosts: 216.239.32.20 google.com www.google.iq
O1 - Hosts: 216.239.32.20 google.com www.google.is
O1 - Hosts: 216.239.32.20 google.com www.google.it
O1 - Hosts: 216.239.32.20 google.com www.google.je
O1 - Hosts: 216.239.32.20 google.com www.google.com.jm
O1 - Hosts: 216.239.32.20 google.com www.google.jo
O1 - Hosts: 216.239.32.20 google.com www.google.co.jp
O1 - Hosts: 216.239.32.20 google.com www.google.co.ke
O1 - Hosts: 216.239.32.20 google.com www.google.com.kh
O1 - Hosts: 216.239.32.20 google.com www.google.ki
O1 - Hosts: 216.239.32.20 google.com www.google.kg
O1 - Hosts: 216.239.32.20 google.com www.google.co.kr
O1 - Hosts: 216.239.32.20 google.com www.google.com.kw
O1 - Hosts: 216.239.32.20 google.com www.google.kz
O1 - Hosts: 216.239.32.20 google.com www.google.la
O1 - Hosts: 216.239.32.20 google.com www.google.com.lb
O1 - Hosts: 216.239.32.20 google.com www.google.li
O1 - Hosts: 216.239.32.20 google.com www.google.lk
O1 - Hosts: 216.239.32.20 google.com www.google.co.ls
O2 - BHO: CrossriderApp0048559 - {11111111-1111-1111-1111-110411851159} - C:\Program Files (x86)\Apps Hat\Apps Hat-bho.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IEExtension.Extension - {d40c654d-7c51-4eb3-95b2-1e23905c2a2d} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ͬ˛˝Ň»Ľü°˛×°Ö§łÖ - {F72C8153-7140-4FEE-8F69-CA4579D71195} - C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll
O2 - BHO: YTAHelperBHO - {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VICTORY Gaming Keyboard] "C:\Program Files (x86)\Gaming Keyboard\Monitor.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD5B331D-8735-43FC-A8ED-F847E7761D95}: NameServer = 213.46.172.36,213.46.172.37
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: 0fe17f7f7055ca8.exe - Unknown owner - C:\Users\User\AppData\Local\0c8010b42ce9c0896292f9a00871cf6d\0fe17f7f7055ca8.exe (file missing)
O23 - Service: 8466e4bf6f86000.exe - Unknown owner - C:\Users\User\AppData\Local\e5a6946aeccac218acdd006c605848c5\8466e4bf6f86000.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: CronDockWord.exe - Unknown owner - C:\Users\User\AppData\Local\CronDockWord\CronDockWord.exe (file missing)
O23 - Service: DebugPathRoot.exe - Unknown owner - C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\MotionOCRWin32.exe
O23 - Service: e177f95e8bcdff0.exe - Unknown owner - C:\Users\User\AppData\Local\5b37c15f318304c12ff7bd21aaf6bc6b\e177f95e8bcdff0.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FirmwareOfficeRecycle.exe - Unknown owner - C:\Users\User\AppData\Local\FirmwareOfficeRecycle\FirmwareOfficeRecycle.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PirritDesktop - Unknown owner - C:\Users\User\AppData\Local\PirritSuggestor\PirritService.exe (file missing)
O23 - Service: PirritUpdater - Unknown owner - C:\Program Files (x86)\Pirrit\AutoUpdater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinRST - Unknown owner - C:\Program Files (x86)\WinRST\WinRST.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16191 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\MotionOCRWin32.exe
C:\Users\User\AppData\Local\FirmwareOfficeRecycle\FirmwareOfficeRecycle.exe
"C:\Program Files (x86)\Pirrit\AutoUpdater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\WinRST\WinRST.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
atieclxx
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
IconInterpreterOpen.exe
"C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE"
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\Gaming Keyboard\OSD.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"taskhost.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-56a534bd-1114-4de2-9c08-de9c12ea3c21 -SystemEventPortName:HostProcess-d5b43a74-ed36-4d38-ad43-dd124022e3b0 -IoCancelEventPortName:HostProcess-006129e3-4d6c-46ba-93d7-5051270fc4e2 -NonStateChangingEventPortName:HostProcess-ced9680f-57ac-43a4-be90-76483565d6ec -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:c33f394f-d8a0-49a2-88f0-6807264c0ed5 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Steam\Steam.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Program Files (x86)\Steam\config\htmlcache" -cookiepath "C:\Program Files (x86)\Steam\config\cookies" -steampid 5692 --blacklist-accelerated-compositing --process-per-tab --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3960.0.2033263845\1430495657" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x68c1 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.712.2.1000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.2.1743190065\411163397" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.5.1688524800\1312424062" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3960.6.1479982264\217345010" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.7.464246185\1044245472" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.11.242232173\15007078" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=cs --channel="3960.12.1396642052\1790176727" /prefetch:-390060480
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.16.1942553814\1533115564" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group9 pct:10i stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="3960.18.2073480362\259407345" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe59_ Global\UsGthrCtrlFltPipeMssGthrPipe59 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520

"C:\Users\User\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-1.job - C:\Program Files (x86)\Apps Hat\Apps Hat-codedownloader.exe /KErnuMLG /IeOlK=task /tlXRNE='Apps Hat' /WpYGyzbuA=48559 /CMToh='000820' /JKHyOHsPa='0' /jmQSexwWU='appshatmadness' /SNWPdw=A03CCF1D97E44490B6686D758867A071IE /stsoS=b0e46312ef3e3f0d9349c7f1bdf317ee /khHSlIt=1_34_07_01 /lHUAqI=1.34.7.1 /jEnATGADV=1404659937 /gJUkMzTp=http://stats.demogensrv.com /ftUune=http://errors.demogensrv.com /hMcthrAC=http://js.demogensrv.com /KnYThIW=ch /IjULhBEC='Apps Hat' /fsnbs=http://js.clientdemocloud.com /AAbsiszl /TZAWX='{"asw":[8, 8388865, 8192]}' /WUDZEY='http://update.demogensrv.com/ie_code_ag ... pdate.json' /IeOlK='task' /ZwhOem=''
C:\Windows\tasks\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-11.job - C:\Program Files (x86)\Apps Hat\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-11.exe /fHvrm=RZMHaz6kC1yF82Qxs2oBE/RvrVY2Ybo5XhMJxRb4pUxY3ZBzfOBjACK/w18TSNsHJ6z6h/cQd0VrwPAIDKIU9qWNa0b7exsAfzJqOxZ6SkDvtroTAgkHSNWUidud+O7QKIBnzWMxIlzzl7wwiy9OkO305cR9N2jxYFA1ewro7mGMGGxs6uzN+WQr0TSd8QGelr8w6jAN8qRapufAJPxRvwEq0dTh/oe+J185dO7yule46jIAkQSW/4iP4r3mn6smsUhvH6V/luIMzCEQXwKnSUD2jJt+G6naQiYvpNcxQl+t4V9vtAGl0VmEqQLPJLh4LERJ92IktG96i0rv2098cTD8XtISekhOVe+zs6RVNvuGKYrAT7aYv3HlSVaDQyq1TubLnaTOcaVvvAKtHYwpFxn/3TMxCsyRKLSh5tx1qb3gH3bbMEoplKwRJl43HT87ovTdNKEB8Ro5k9ILdA9ifyjU1LN/3dM8hOwZlW/yAjOCsQkF1krtMD6iq7EFffRrJJG/hdCFbs459n7wIkI8NkONF8wi3/F0mmsn8l2rX9I0hskMEOPTn8IkkJLRygBRazfX3hXt1WcTFIbnTC8k6LnD73VWAkv1E+NnT4VI1X7IFwHB64f0T+CSNR+oxoRRkruWPN51wVKZIBU4AVsQZ0fR7D+Xkvbc4IDun6gdtSmdAP9oHDzqFpJgE8XGc6K7F9837iuGepUqjPPKMChpZ1GQ/jggej8AiTHNkxZYUyRLzJC7pErIiLQOdpNrVsU2lpndGwmDy5fktSdfUKvUeuc2//3/8S56Bt/PtitpAD93PU/Nz1a4wYNBBxROv5efHBaIa+m2C6qXNfwI9S6SlX5GyYit9HK0gkdrLS9wqAoviXYneGHlFc529jnuCTFoNxHxkYcS1fEWJVzjwjK9GtFFgR41Wt5eiu2OIg6yP7Uip0u7nKID6YEKAyYEJ/7c1L/clk0zKTwo0+gZ73JyC4JLOjxfC282gqEljuRhef8uyG0Rah7OfaZKnnKFIQVQjGhUiLi8lRy24vBR3i7W09t8k557urlS/C8kFycuhrlb/rwLTQ9vVqKW9PXJi0bLQDK5SKUiLTh2vjFAX1yN8K1dyH1pbAnVZOlfq0wgEDgfN7xpgr0EXQaNhlhcAH0TTH8I0paFQ8dh5JSw7A1T3HmWNsqUpCjdN0Rzd75DXKlOTb1h0lJuKZHw6sMH5cIu6hXyuPx7CvxLVGGlwIKLVdao5hDYm403xaBUnrnVP3fX/9QxbSClKgXknhcwWQ+QjGiMsYA1TeLqxmzKuzxI5gv/QbA29AGTJYVQdytrTEXNIeW3WtySfFjQQofMI10stC6T1iKPmgHI7Z0I/pd75Brl0pejx9nSfJH4nJzLiGoviyhRgTEIu6gUcadn9FhIbC6Auj9vCZbXp1iyFaJtEl+JgQEZBkkZ2C/lMZUjqrc6wqMk1LCcTTbon6XX6qQmshiDWRYd7I1+fL+g5NxRTbckEVsYUeKjnjbdjJiTq/rulXLJTw52tmr7QNvym4Z2WLj2ycqCsU/zFX5axHdaedgmA//WDpznDhPjVm5x6I+E37ENeilarl1K3eoAnQfxt6FdJ5BgZvY0ipXSJ7fncOs5C8hdCmjMEm9O/v9PLDvwlOzz+K6LY/6oQ87EgCyus9LtOeIcVqgdX3Brj0Y/6yoc1Z0diqg0Ete0yNc6Yjs=
C:\Windows\tasks\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-2.job - C:\Program Files (x86)\Apps Hat\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-2.exe /YMmAdk /tlXRNE='Apps Hat' /WpYGyzbuA=48559 /CMToh='000820' /JKHyOHsPa='0' /jmQSexwWU='appshatmadness' /SNWPdw=A03CCF1D97E44490B6686D758867A071IE /stsoS=b0e46312ef3e3f0d9349c7f1bdf317ee /khHSlIt=1_34_07_01 /jEnATGADV=1404659937 /gJUkMzTp=http://stats.demogensrv.com /ftUune=http://errors.demogensrv.com /tPTsxJ=11111111-1111-1111-1111-110411851159 /KnYThIW=ch /AAbsiszl /WUDZEY='http://update.demogensrv.com/ie_enable_ ... pdate.json' /IeOlK='task' /ZwhOem=''
C:\Windows\tasks\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-4.job - C:\Program Files (x86)\Apps Hat\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-4.exe /WcPdmF /tlXRNE='Apps Hat' /FAmTNpDoq='C:\Program Files (x86)\Apps Hat\48559.xpi' /WpYGyzbuA=48559 /CMToh='000820' /JKHyOHsPa='0' /jmQSexwWU='appshatmadness' /SNWPdw=A03CCF1D97E44490B6686D758867A071IE /stsoS=b0e46312ef3e3f0d9349c7f1bdf317ee /khHSlIt=1_34_07_01 /lHUAqI=1.34.7.1 /jEnATGADV=1404659937 /gJUkMzTp=http://stats.demogensrv.com /ftUune=http://errors.demogensrv.com /QyNPVnxx=300 /XYDvX=39ed7c16-185d-4f88-b976-666d4928ba01@fe4550c1-7a4f-4a62-ad1c-45e0afdf81a4.com /csSaPmn=0.94 /wZlfdPUdl=a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559 /ocdMLWR=https://w9u6a2p6.ssl.hwcdn.net/plugin/f ... /48559.rdf /coaxQmy='Apps Hat' /BDyqM='Apps Hat is the cool new Android app store that helps you discover hot new apps, both free and discounted. Get personalised recommendations, price drop alerts, and share your favourite apps with your friends.' /LNvLrmGBG='Nero' /KnYThIW=ch /TZAWX='{"asw":[8, 8388865, 8192]}' /AAbsiszl /jngKTGD /XwGPiFIOB /WUDZEY='http://update.demogensrv.com/ff_agent_u ... pdate.json' /IeOlK='task' /ZwhOem=''
C:\Windows\tasks\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-5.job - C:\Program Files (x86)\Apps Hat\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-5.exe /tYYjLolaj /tlXRNE='Apps Hat' /WpYGyzbuA=48559 /CMToh='000820' /JKHyOHsPa='0' /jmQSexwWU='appshatmadness' /SNWPdw=A03CCF1D97E44490B6686D758867A071IE /stsoS=b0e46312ef3e3f0d9349c7f1bdf317ee /khHSlIt=1_34_07_01 /jEnATGADV=1404659937 /gJUkMzTp=http://stats.demogensrv.com /ftUune=http://errors.demogensrv.com /nWcMkaj=http://ipgeoapi.com/ /LOxcpm=http://update.demogensrv.com /ypSmK=2 /SEfUEIJq=http://logs.demogensrv.com /WUDZEY='http://update.demogensrv.com/updater_ag ... pdate.json' /IeOlK='task' /ZwhOem=''
C:\Windows\tasks\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-5_user.job - C:\Program Files (x86)\Apps Hat\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-5.exe /tYYjLolaj /tlXRNE='Apps Hat' /WpYGyzbuA=48559 /CMToh='000820' /JKHyOHsPa='0' /jmQSexwWU='appshatmadness' /SNWPdw=A03CCF1D97E44490B6686D758867A071IE /stsoS=b0e46312ef3e3f0d9349c7f1bdf317ee /khHSlIt=1_34_07_01 /jEnATGADV=1404659937 /gJUkMzTp=http://stats.demogensrv.com /ftUune=http://errors.demogensrv.com /nWcMkaj=http://ipgeoapi.com/ /LOxcpm=http://update.demogensrv.com /ypSmK=2 /SEfUEIJq=http://logs.demogensrv.com /WUDZEY='http://update.demogensrv.com/updater_ag ... pdate.json' /ntRfp /IeOlK='task' /ZwhOem=''
C:\Windows\tasks\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-6.job - C:\Program Files (x86)\Apps Hat\Apps Hat-novainstaller.exe /xNlXmmsw /tlXRNE='Apps Hat' /WpYGyzbuA=48559 /CMToh='000820' /JKHyOHsPa='0' /jmQSexwWU='appshatmadness' /SNWPdw=A03CCF1D97E44490B6686D758867A071IE /stsoS=b0e46312ef3e3f0d9349c7f1bdf317ee /khHSlIt=1_34_07_01 /lHUAqI=1.34.7.1 /jEnATGADV=1404659937 /gJUkMzTp=http://stats.demogensrv.com /ftUune=http://errors.demogensrv.com /hMcthrAC=http://js.demogensrv.com /KnYThIW=ch /fxVrX /IjULhBEC=Apps Hat /EYjsYgpml='nova' /fsnbs=http://js.clientdemocloud.com /TZAWX='{"asw":[8, 8388865, 8192]}' /IeOlK=task /WUDZEY='http://update.demogensrv.com/novacode/{ ... pdate.json' /IeOlK='task' /ZwhOem=''
C:\Windows\tasks\1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-7.job - C:\Program Files (x86)\Apps Hat\Apps Hat-nova.exe /tlXRNE='Apps Hat' /WpYGyzbuA=48559 /CMToh='000820' /JKHyOHsPa='0' /jmQSexwWU='appshatmadness' /SNWPdw=A03CCF1D97E44490B6686D758867A071IE /stsoS=b0e46312ef3e3f0d9349c7f1bdf317ee /khHSlIt=1_34_07_01 /lHUAqI=1.34.7.1 /jEnATGADV=1404659937 /gJUkMzTp=http://stats.demogensrv.com /ftUune=http://errors.demogensrv.com /hMcthrAC=http://js.demogensrv.com /KnYThIW=ch /fxVrX /IjULhBEC=Apps Hat /EYjsYgpml='nova' /fsnbs=http://js.clientdemocloud.com /TZAWX='{"asw":[8, 8388865, 8192]}' /WUDZEY='http://update.demogensrv.com/novarun/{C ... pdate.json' /IeOlK='task' /ZwhOem=''
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000Core.job - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000UA.job - C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}]
Apps Hat - C:\Program Files (x86)\Apps Hat\Apps Hat-bho64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}]
Apps Hat - C:\Program Files (x86)\Apps Hat\Apps Hat-bho.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]
IEExtension.Extension - C:\Windows\system32\mscoree.dll [2010-11-05 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}]
ͬ˛˝Ň»Ľü°˛×°Ö§łÖ - C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll [2013-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-10 520760]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-22 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-31 43816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
C:\Program Files (x86)\BlueStacks\HD-Agent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-22 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
C:\Users\User\AppData\Roaming\ICQM\icq.exe -CU []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-08-01 152392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
C:\Program Files (x86)\ManyCam\ManyCam.exe [2014-06-09 8795312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RazerGameBooster]
C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
C:\Program Files (x86)\RocketDock\RocketDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\steam.exe [2014-08-28 1939136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-02-24 2454840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xwidget]
C:\Program Files (x86)\XWidget\xwidget.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~2\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-15 98304]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"VICTORY Gaming Keyboard"=C:\Program Files (x86)\Gaming Keyboard\Monitor.exe [2013-04-09 270336]
"DivXMediaServer"=C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [2014-05-28 455512]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-11 256896]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-08-01 152392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-08-31 15:33:57 ----D---- C:\rsit
2014-08-31 15:33:57 ----D---- C:\Program Files\trend micro
2014-08-30 21:47:05 ----D---- C:\ProgramData\Media Center Programs
2014-08-30 21:26:26 ----D---- C:\Program Files (x86)\Tomb Raider - Anniversary
2014-08-30 21:23:57 ----D---- C:\Windows\Downloaded Installations
2014-08-27 22:28:36 ----D---- C:\Program Files (x86)\Aspyr Media, Inc
2014-08-27 19:31:05 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-27 19:31:05 ----A---- C:\Windows\system32\win32k.sys
2014-08-27 19:31:05 ----A---- C:\Windows\system32\gdi32.dll
2014-08-25 20:53:30 ----D---- C:\Users\User\AppData\Roaming\Mp3tag
2014-08-25 20:53:14 ----D---- C:\Program Files (x86)\Mp3tag
2014-08-25 02:16:22 ----D---- C:\Program Files (x86)\AMP WinOFF
2014-08-21 14:09:50 ----D---- C:\Program Files (x86)\The-Lost-Island
2014-08-20 16:06:31 ----D---- C:\Users\User\AppData\Roaming\Teiron
2014-08-20 15:06:25 ----D---- C:\Program Files (x86)\Tongbu
2014-08-19 19:02:51 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 19:02:51 ----D---- C:\Program Files\iTunes
2014-08-19 19:02:51 ----D---- C:\Program Files\iPod
2014-08-19 19:02:51 ----D---- C:\Program Files (x86)\iTunes
2014-08-16 21:00:35 ----A---- C:\Windows\SYSWOW64\Block.txt
2014-08-16 20:59:10 ----D---- C:\Windows\SYSWOW64\pack
2014-08-16 18:04:55 ----D---- C:\Program Files (x86)\Attomey ---
2014-08-15 21:16:03 ----D---- C:\Users\User\AppData\Roaming\Tomabo
2014-08-13 19:04:02 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-13 19:04:02 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-13 19:04:01 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-13 19:04:01 ----A---- C:\Windows\system32\icardagt.exe
2014-08-13 19:03:56 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-13 19:03:56 ----A---- C:\Windows\system32\icardres.dll
2014-08-13 19:03:05 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-13 19:03:04 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-13 18:29:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-13 18:29:30 ----A---- C:\Windows\system32\shell32.dll
2014-08-13 18:29:22 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-08-13 18:29:22 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-08-13 18:29:22 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-08-13 18:29:22 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-08-13 18:29:22 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-08-13 18:29:22 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-13 18:29:21 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-13 18:29:21 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-13 18:29:21 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-13 18:29:21 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-08-13 18:29:15 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-13 18:29:15 ----A---- C:\Windows\system32\tzres.dll
2014-08-13 18:28:18 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-13 18:28:18 ----A---- C:\Windows\system32\msi.dll
2014-08-13 18:28:18 ----A---- C:\Windows\system32\authui.dll
2014-08-13 18:28:17 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-13 18:28:16 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-13 18:28:16 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 18:28:16 ----A---- C:\Windows\system32\consent.exe
2014-08-13 18:27:06 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 18:26:55 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-08-13 18:26:55 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-08-13 18:26:54 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-08-13 18:26:54 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-08-13 18:26:53 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-08-13 18:26:53 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-08-13 18:26:53 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-08-13 18:26:53 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-08-13 18:26:53 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-08-13 18:26:53 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 18:26:53 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-08-13 18:26:51 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-08-13 18:26:51 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-08-13 18:26:51 ----A---- C:\Windows\system32\iernonce.dll
2014-08-13 18:26:51 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-13 18:26:50 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-08-13 18:26:50 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-08-13 18:26:50 ----A---- C:\Windows\system32\urlmon.dll
2014-08-13 18:26:50 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 18:26:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-08-13 18:26:49 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-08-13 18:26:49 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-08-13 18:26:49 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-13 18:26:48 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-08-13 18:26:48 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-13 18:26:47 ----A---- C:\Windows\system32\iesetup.dll
2014-08-13 18:26:47 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-13 18:26:46 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-08-13 18:26:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-08-13 18:26:46 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-08-13 18:26:46 ----A---- C:\Windows\system32\iertutil.dll
2014-08-13 18:26:45 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-08-13 18:26:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-13 18:26:45 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-08-13 18:26:45 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-13 18:26:44 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-08-13 18:26:44 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-08-13 18:26:42 ----A---- C:\Windows\system32\ieui.dll
2014-08-13 18:26:42 ----A---- C:\Windows\system32\ieframe.dll
2014-08-13 18:26:42 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-13 18:26:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-08-13 18:26:41 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-13 18:26:40 ----A---- C:\Windows\system32\jscript9diag.dll
2014-08-13 18:26:40 ----A---- C:\Windows\system32\jscript9.dll
2014-08-13 18:26:40 ----A---- C:\Windows\system32\ieUnatt.exe
2014-08-13 18:26:39 ----A---- C:\Windows\system32\wininet.dll
2014-08-13 18:26:39 ----A---- C:\Windows\system32\vbscript.dll
2014-08-13 18:26:39 ----A---- C:\Windows\system32\ieapfltr.dll
2014-08-13 18:26:38 ----A---- C:\Windows\system32\msrating.dll
2014-08-13 18:26:38 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-08-13 18:26:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 18:26:37 ----A---- C:\Windows\system32\mshtml.dll
2014-08-13 18:26:12 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-13 18:26:11 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-13 18:25:51 ----A---- C:\Windows\system32\aepdu.dll
2014-08-13 18:25:49 ----A---- C:\Windows\system32\aeinv.dll
2014-08-12 18:33:35 ----D---- C:\Users\User\AppData\Roaming\Dropbox
2014-08-10 17:39:41 ----D---- C:\downloads
2014-08-03 10:55:24 ----A---- C:\Windows\system32\wups2.dll
2014-08-03 10:55:24 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-03 10:55:23 ----A---- C:\Windows\system32\wucltux.dll
2014-08-03 10:55:23 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-03 10:55:04 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-03 10:55:04 ----A---- C:\Windows\system32\wups.dll
2014-08-03 10:55:04 ----A---- C:\Windows\system32\wudriver.dll
2014-08-03 10:55:03 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-03 10:55:03 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-03 10:55:03 ----A---- C:\Windows\system32\wuapi.dll
2014-08-03 10:54:48 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-03 10:54:48 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-03 10:54:48 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-03 10:54:47 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2014-08-31 15:33:57 ----RD---- C:\Program Files
2014-08-31 15:33:10 ----D---- C:\Windows\Temp
2014-08-31 15:20:49 ----D---- C:\Program Files (x86)\Steam
2014-08-31 12:55:12 ----D---- C:\Windows\system32\config
2014-08-31 12:41:08 ----SHD---- C:\System Volume Information
2014-08-30 22:03:14 ----D---- C:\Windows\system32\Tasks
2014-08-30 21:47:05 ----HD---- C:\ProgramData
2014-08-30 21:46:55 ----RSD---- C:\Windows\assembly
2014-08-30 21:26:26 ----RD---- C:\Program Files (x86)
2014-08-30 21:25:29 ----SHD---- C:\Windows\Installer
2014-08-30 21:25:18 ----D---- C:\Windows\SysWOW64
2014-08-30 21:23:57 ----D---- C:\Windows
2014-08-30 18:49:46 ----D---- C:\Users\User\AppData\Roaming\vlc
2014-08-29 16:29:51 ----D---- C:\Windows\System32
2014-08-29 16:29:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-29 16:29:48 ----D---- C:\Windows\inf
2014-08-27 22:26:12 ----RD---- C:\Wizzy
2014-08-27 22:18:18 ----D---- C:\Windows\winsxs
2014-08-27 19:27:06 ----D---- C:\Windows\system32\catroot
2014-08-27 19:13:33 ----D---- C:\Windows\system32\wdi
2014-08-26 16:52:46 ----D---- C:\Program Files (x86)\Last-World
2014-08-24 19:47:17 ----D---- C:\Program Files (x86)\QuadCoreM2
2014-08-23 18:07:18 ----D---- C:\Users\User\AppData\Roaming\OBS
2014-08-23 18:05:50 ----D---- C:\Program Files\OBS
2014-08-23 18:05:38 ----D---- C:\Program Files (x86)\OBS
2014-08-21 21:35:44 ----D---- C:\Users\User\AppData\Roaming\DivX
2014-08-21 21:35:07 ----D---- C:\Windows\system32\catroot2
2014-08-21 13:47:29 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-08-20 16:00:07 ----D---- C:\Users\User\AppData\Roaming\ihelper2014
2014-08-19 19:12:43 ----D---- C:\Program Files (x86)\Opera
2014-08-17 01:47:26 ----D---- C:\Program Files (x86)\Google
2014-08-17 01:47:01 ----D---- C:\Windows\Tasks
2014-08-16 15:50:40 ----D---- C:\Windows\Microsoft.NET
2014-08-15 20:27:10 ----D---- C:\Users\User\AppData\Roaming\Skype
2014-08-15 11:46:09 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-14 15:16:06 ----D---- C:\Windows\system32\drivers
2014-08-13 21:17:05 ----D---- C:\Windows\ehome
2014-08-13 21:17:04 ----RSD---- C:\Windows\Fonts
2014-08-13 21:16:57 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-13 21:16:57 ----D---- C:\Windows\system32\cs-CZ
2014-08-13 21:16:56 ----D---- C:\Windows\SYSWOW64\en-US
2014-08-13 21:16:56 ----D---- C:\Windows\system32\en-US
2014-08-13 21:16:56 ----D---- C:\Windows\PolicyDefinitions
2014-08-13 21:16:56 ----D---- C:\Program Files\Internet Explorer
2014-08-13 19:31:00 ----D---- C:\ProgramData\Microsoft Help
2014-08-13 19:15:58 ----D---- C:\Windows\system32\MRT
2014-08-13 19:12:34 ----A---- C:\Windows\system32\MRT.exe
2014-08-13 19:01:23 ----SD---- C:\Windows\system32\CompatTel
2014-08-12 18:35:13 ----D---- C:\Windows\Prefetch
2014-08-01 22:54:59 ----D---- C:\Users\User\AppData\Roaming\.minecraft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDMI64.sys [2010-03-05 720952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
R3 ManyCam;ManyCam Virtual Webcam; C:\Windows\system32\DRIVERS\mcvidrv.sys [2014-05-13 42224]
R3 mcaudrv_simple;ManyCam Virtual Microphone; C:\Windows\system32\drivers\mcaudrv_x64.sys [2014-05-13 35440]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2013-03-28 1226344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2013-08-06 23040]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RegFltrX64;RegFltrX64; \??\C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\RegFltrX64.sys []
S3 RgFltX64;RgFltX64; \??\C:\Users\User\AppData\Local\FirmwareOfficeRecycle\RgFltX64.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-02-01 232992]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 xhunter1;xhunter1; \??\C:\Windows\xhunter1.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-15 202752]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-06-12 43336]
R2 DebugPathRoot.exe;DebugPathRoot.exe; C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\MotionOCRWin32.exe [2014-06-03 110592]
R2 FirmwareOfficeRecycle.exe;FirmwareOfficeRecycle.exe; C:\Users\User\AppData\Local\FirmwareOfficeRecycle\FirmwareOfficeRecycle.exe [2014-07-28 98341]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 PirritUpdater;PirritUpdater; C:\Program Files (x86)\Pirrit\AutoUpdater.exe [2014-02-20 59904]
R2 WinRST;WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [2014-02-26 59904]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-08-01 641352]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-08-28 833728]
S2 0fe17f7f7055ca8.exe;0fe17f7f7055ca8.exe; C:\Users\User\AppData\Local\0c8010b42ce9c0896292f9a00871cf6d\0fe17f7f7055ca8.exe []
S2 8466e4bf6f86000.exe;8466e4bf6f86000.exe; C:\Users\User\AppData\Local\e5a6946aeccac218acdd006c605848c5\8466e4bf6f86000.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 CronDockWord.exe;CronDockWord.exe; C:\Users\User\AppData\Local\CronDockWord\CronDockWord.exe []
S2 e177f95e8bcdff0.exe;e177f95e8bcdff0.exe; C:\Users\User\AppData\Local\5b37c15f318304c12ff7bd21aaf6bc6b\e177f95e8bcdff0.exe []
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-06 68608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17 116648]
S2 PirritDesktop;PirritDesktop; C:\Users\User\AppData\Local\PirritSuggestor\PirritService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-21 262320]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-07-06 68608]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 111616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-29 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
mam v PC keylogger nebo nejaky malware?

Zdravim

Je to prolezle od sklepa na pudu

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

vůbec mi nejde otevřít ten zoek

Nepokazim nic tím ze dá all users?

Tak tady je ten log z programu zoek:
Zoek.exe v5.0.0.0 Updated 30-08-2014
Tool run by User on ne 31.08.2014 at 17:10:17,22.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31.8.2014 17:11:56 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1570955093-1124358558-1990792310-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-1570955093-1124358558-1990792310-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_USERS\S-1-5-21-1570955093-1124358558-1990792310-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RgFltX64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RgFltX64 deleted successfully

==== Deleting Files \ Folders ======================

C:\PROGRA~3\EmailNotifier deleted
C:\Users\User\AppData\Roaming\ihelper deleted
C:\Users\User\AppData\LocalLow\boost_interprocess deleted
C:\Users\User\AppData\LocalLow\Apps Hat deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\FirmwareOfficeRecycle.exe" deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\IconInterpreterOpen.exe" deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\msvcp100.dll" deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\msvcr100.dll" not deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\QtCore4.dll" deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\QtNetwork4.dll" deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle" not deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\desktop" not deleted
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\service" deleted

==== Chrome Look ======================

AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Chrome Fix ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:31219"
"ProxyOverride"="<local>;*origin.com;*ea.com;*akamaihd.net"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RazerGameBooster deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xwidget deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=33 folders=30 11007078 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User\AppData\Local\FirmwareOfficeRecycle\msvcr100.dll" not found
"C:\Users\User\AppData\Local\FirmwareOfficeRecycle" not deleted

==== EOF on ne 31.08.2014 at 17:26:12,04 ======================

tady je ten adwcleaner lof S0:
# AdwCleaner v3.308 - Report created 31/08/2014 at 16:56:23
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - WIZZY-PC
# Running from : C:\Users\User\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : PirritDesktop
[#] Service Deleted : PirritUpdater
[#] Service Deleted : RegFltrX64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Pirrit
Folder Deleted : C:\Program Files (x86)\WinRST
Folder Deleted : C:\Users\User\AppData\Local\globalUpdate
Folder Deleted : C:\Users\User\AppData\Local\WinRST
Folder Deleted : C:\Users\User\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\User\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\User\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\User\AppData\Roaming\Pirrit
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : 1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-1
Task Deleted : 1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-11
Task Deleted : 1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-2
Task Deleted : 1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-4
Task Deleted : 1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-5
Task Deleted : 1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-5_user
Task Deleted : 1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-6
Task Deleted : 1c4fb8c3-4482-4747-aa6c-6a5ce886c1ec-7

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0048559.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0048559.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0048559.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0048559.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422852259}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455855559}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466856659}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444854459}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411851159}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422852259}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455855559}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466856659}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411851159}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\Email Notifier
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\mystarttb
Key Deleted : HKLM\SOFTWARE\Pirrit
Key Deleted : HKLM\SOFTWARE\Upt
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Pirrit
Key Deleted : [x64] HKLM\SOFTWARE\Upt

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10323 octets] - [31/08/2014 16:54:16]
AdwCleaner[S0].txt - [10113 octets] - [31/08/2014 16:56:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10174 octets] ##########

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

log FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014
Ran by User (administrator) on WIZZY-PC on 31-08-2014 17:53:59
Running from C:\Users\User\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\MotionOCRWin32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Gaming Keyboard\Monitor.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Gaming Keyboard\OSD.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VICTORY Gaming Keyboard] => C:\Program Files (x86)\Gaming Keyboard\Monitor.exe [270336 2013-04-09] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-07] (Microsoft Corporation)
HKU\S-1-5-21-1570955093-1124358558-1990792310-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-22] (Google Inc.)
HKU\S-1-5-21-1570955093-1124358558-1990792310-1000\...\MountPoints2: {8a44ef58-97d2-11e2-a554-806e6f6e6963} - D:\autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ͬ˛˝Ň»Ľü°˛×°Ö§łÖ -> {F72C8153-7140-4FEE-8F69-CA4579D71195} -> C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll (同步网络平台)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{AD5B331D-8735-43FC-A8ED-F847E7761D95}: [NameServer] 213.46.172.36,213.46.172.37

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tongbu.com/tongbu,version=0.1 -> C:\Program Files (x86)\Tongbu\Addin\npTongbuAddin.dll (同步网络平台)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-17]
CHR Extension: (Disk Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-17]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-17]
CHR Extension: (Vyhledávání Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-17]
CHR Extension: (Peněženka Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-17]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DebugPathRoot.exe; C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\MotionOCRWin32.exe [110592 2014-06-03] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 0fe17f7f7055ca8.exe; C:\Users\User\AppData\Local\0c8010b42ce9c0896292f9a00871cf6d\0fe17f7f7055ca8.exe [X]
S2 8466e4bf6f86000.exe; C:\Users\User\AppData\Local\e5a6946aeccac218acdd006c605848c5\8466e4bf6f86000.exe [X]
S2 CronDockWord.exe; C:\Users\User\AppData\Local\CronDockWord\CronDockWord.exe [X]
S2 e177f95e8bcdff0.exe; C:\Users\User\AppData\Local\5b37c15f318304c12ff7bd21aaf6bc6b\e177f95e8bcdff0.exe [X]
S2 FirmwareOfficeRecycle.exe; C:\Users\User\AppData\Local\FirmwareOfficeRecycle\FirmwareOfficeRecycle.exe [X]
S2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42224 2014-05-13] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RegFltrX64; \??\C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\RegFltrX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 17:53 - 2014-08-31 17:55 - 00013094 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-31 17:52 - 2014-08-31 17:54 - 00000000 ____D () C:\FRST
2014-08-31 17:51 - 2014-08-31 17:51 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2014-08-31 17:48 - 2014-08-31 17:49 - 02104320 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-08-31 17:24 - 2014-08-31 17:24 - 00000000 ____D () C:\Users\User\AppData\Local\FirmwareOfficeRecycle
2014-08-31 17:22 - 2014-08-31 17:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-31 17:11 - 2014-08-31 17:26 - 00008913 _____ () C:\zoek-results.log
2014-08-31 17:07 - 2014-08-31 17:20 - 00000000 ____D () C:\zoek_backup
2014-08-31 17:06 - 2014-08-31 17:07 - 01288704 _____ () C:\Users\User\Desktop\zoek.exe
2014-08-31 17:06 - 2014-08-31 17:06 - 00000000 ____D () C:\Users\User\Desktop\zoek
2014-08-31 17:05 - 2014-08-31 17:05 - 04245477 _____ () C:\Users\User\Desktop\zoek.rar
2014-08-31 16:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-31 16:54 - 2014-08-31 16:56 - 00000000 ____D () C:\AdwCleaner
2014-08-31 16:51 - 2014-08-31 16:51 - 01364531 _____ () C:\Users\User\Desktop\adwcleaner_3.308.exe
2014-08-31 15:33 - 2014-08-31 15:34 - 00000000 ____D () C:\rsit
2014-08-31 15:33 - 2014-08-31 15:34 - 00000000 ____D () C:\Program Files\trend micro
2014-08-30 22:03 - 2014-08-30 22:03 - 00002962 _____ () C:\Windows\System32\Tasks\{9D266CD5-2D13-4A10-B4EF-C87DC7066080}
2014-08-30 21:49 - 2014-08-30 21:49 - 00000000 ____D () C:\Users\User\Documents\Eidos
2014-08-30 21:48 - 2014-08-30 21:48 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-30 21:47 - 2014-08-30 21:47 - 00003068 _____ () C:\Windows\System32\Tasks\Tomb Raider - Anniversary
2014-08-30 21:47 - 2014-08-30 21:47 - 00001019 _____ () C:\Users\User\Desktop\TRA.lnk
2014-08-30 21:26 - 2014-08-30 21:50 - 00000000 ____D () C:\Program Files (x86)\Tomb Raider - Anniversary
2014-08-30 21:25 - 2014-08-30 22:03 - 00001949 _____ () C:\Users\User\Desktop\GameShadow.lnk
2014-08-30 21:25 - 2014-08-30 21:25 - 00000000 ____D () C:\Users\User\Documents\GameShadow
2014-08-30 21:25 - 2014-08-30 21:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2014-08-30 21:23 - 2014-08-30 21:23 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-29 13:13 - 2014-08-29 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-27 22:39 - 2014-08-27 22:39 - 00002158 _____ () C:\Users\User\Desktop\Spustit Tony Hawk's American Wasteland.lnk
2014-08-27 22:39 - 2014-08-27 22:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc
2014-08-27 22:28 - 2014-08-27 22:28 - 00000000 ____D () C:\Program Files (x86)\Aspyr Media, Inc
2014-08-27 22:22 - 2014-08-27 22:27 - 00000000 ____D () C:\Users\User\Desktop\instalačky
2014-08-27 22:22 - 2014-08-27 22:22 - 00000000 ____D () C:\Users\User\Desktop\sk8
2014-08-27 22:21 - 2014-08-29 16:38 - 00000000 ____D () C:\Users\User\Desktop\filmy
2014-08-27 19:58 - 2014-08-27 20:20 - 00000000 ____D () C:\Users\User\Desktop\MattyBraps
2014-08-27 19:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 19:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 19:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 19:25 - 2014-08-27 19:25 - 00004022 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-08-25 20:53 - 2014-08-27 20:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mp3tag
2014-08-25 20:53 - 2014-08-25 20:53 - 00000983 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-25 20:53 - 2014-08-25 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-25 20:53 - 2014-08-25 20:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-25 19:08 - 2014-08-25 19:08 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 14:04 - 2014-08-25 14:04 - 00000029 _____ () C:\Users\User\Desktop\Nový textový dokument (3).txt
2014-08-25 02:16 - 2014-08-25 02:16 - 00001013 _____ () C:\Users\Public\Desktop\AMP WinOFF.lnk
2014-08-25 02:16 - 2014-08-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP WinOFF
2014-08-25 02:16 - 2014-08-25 02:16 - 00000000 ____D () C:\Program Files (x86)\AMP WinOFF
2014-08-24 15:32 - 2014-08-24 16:41 - 00000177 _____ () C:\Users\User\Desktop\Nový textový dokument (2).txt
2014-08-23 18:05 - 2014-08-23 18:05 - 00000939 _____ () C:\Users\User\Desktop\Open Broadcaster Software.lnk
2014-08-23 16:18 - 2014-08-23 16:18 - 00365330 _____ () C:\Users\User\Desktop\SB by Wizzy.rar
2014-08-22 21:26 - 2014-08-22 21:26 - 00001398 _____ () C:\Users\User\Desktop\Last-World – zástupce.lnk
2014-08-21 16:46 - 2014-08-21 16:46 - 00000004 _____ () C:\Users\User\Desktop\Nový textový dokument.txt
2014-08-21 15:25 - 2014-08-21 15:25 - 00365173 _____ () C:\Users\User\Desktop\SB ByCalleWay.rar
2014-08-21 14:13 - 2014-08-21 14:13 - 00001470 _____ () C:\Users\User\Desktop\TheLostIsland – zástupce.lnk
2014-08-21 14:13 - 2014-08-21 14:13 - 00001378 _____ () C:\Users\User\Desktop\Attomey – zástupce.lnk
2014-08-21 14:09 - 2014-08-26 17:01 - 00000000 ____D () C:\Program Files (x86)\The-Lost-Island
2014-08-21 13:58 - 2014-08-21 14:00 - 1490421380 _____ () C:\Users\User\Downloads\The-Lost-Island.zip
2014-08-20 20:16 - 2014-08-20 20:30 - 00000000 ____D () C:\Users\User\Downloads\Big Time Rush - 24_Seven (Deluxe Edition) (Album)
2014-08-20 20:05 - 2014-08-27 19:39 - 00000000 ____D () C:\Users\User\Desktop\COVERS
2014-08-20 19:54 - 2014-08-26 13:51 - 00000000 ____D () C:\Users\User\Documents\RAR
2014-08-20 19:46 - 2014-08-20 19:56 - 00000000 ____D () C:\Users\User\Downloads\Wiz Khalifa - Blacc Hollywood (Deluxe Edition)
2014-08-20 16:06 - 2014-08-20 16:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Teiron
2014-08-20 15:46 - 2014-08-20 15:46 - 00001177 _____ () C:\Users\User\Desktop\ihelper – zástupce.lnk
2014-08-20 15:06 - 2014-08-20 15:36 - 00000000 ____D () C:\Users\User\Documents\Tongbu
2014-08-20 15:06 - 2014-08-20 15:10 - 00001899 _____ () C:\Users\Public\Desktop\Tongbu Assistant.lnk
2014-08-20 15:06 - 2014-08-20 15:10 - 00000000 ____D () C:\Program Files (x86)\Tongbu
2014-08-20 15:06 - 2014-08-20 15:06 - 00001242 _____ () C:\Users\Public\Desktop\All Things iPhone.lnk
2014-08-20 15:06 - 2014-08-20 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tongbu Network
2014-08-20 14:59 - 2014-08-20 14:59 - 21692472 _____ () C:\Users\User\Downloads\Tongbu_2.191_1.exe
2014-08-19 21:41 - 2014-08-23 20:44 - 00000000 ____D () C:\Users\User\Downloads\Soulja Boy - King Soulja 3
2014-08-19 19:04 - 2014-08-19 19:04 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 19:04 - 2014-08-19 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 19:02 - 2014-08-19 19:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 19:02 - 2014-08-19 19:04 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 19:02 - 2014-08-19 19:04 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-19 19:02 - 2014-08-19 19:02 - 00000000 ____D () C:\Program Files\iPod
2014-08-17 01:47 - 2014-08-31 17:53 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-17 01:47 - 2014-08-31 17:24 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 01:47 - 2014-08-17 01:47 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-17 01:47 - 2014-08-17 01:47 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-17 01:47 - 2014-08-17 01:47 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-17 01:47 - 2014-08-17 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-17 01:46 - 2014-08-17 01:46 - 00895120 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2014-08-16 21:00 - 2014-08-16 21:00 - 00000000 _____ () C:\Windows\SysWOW64\Block.txt
2014-08-16 20:59 - 2014-08-16 21:00 - 00000000 ____D () C:\Windows\SysWOW64\pack
2014-08-16 18:04 - 2014-08-25 12:19 - 00000000 ____D () C:\Program Files (x86)\Attomey ---
2014-08-16 18:04 - 2014-08-16 18:04 - 00003160 _____ () C:\Windows\System32\Tasks\{54E267BE-FE23-4D53-BD02-7E7C9CD92C9E}
2014-08-16 17:04 - 2014-04-18 08:20 - 00000000 ____D () C:\Users\User\Downloads\MultiHack Mt2
2014-08-15 21:16 - 2014-08-15 21:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tomabo
2014-08-14 15:16 - 2014-08-14 15:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-08-13 19:04 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 19:04 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 19:04 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 19:04 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 19:03 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 19:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 19:03 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 19:03 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 18:29 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 18:29 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 18:29 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 18:29 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 18:29 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 18:29 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 18:29 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 18:29 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 18:29 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 18:29 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 18:29 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 18:29 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 18:29 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 18:29 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 18:29 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 18:29 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 18:28 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 18:28 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 18:28 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 18:28 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 18:28 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 18:28 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 18:28 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 18:27 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 18:26 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 18:26 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 18:26 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 18:26 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 18:26 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 18:26 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 18:26 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 18:26 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 18:26 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 18:26 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 18:26 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 18:26 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 18:26 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 18:26 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 18:26 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 18:26 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 18:26 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 18:26 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 18:26 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 18:26 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 18:26 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 18:26 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 18:26 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 18:26 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 18:26 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 18:26 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 18:26 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 18:26 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 18:26 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 18:26 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 18:26 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 18:26 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 18:26 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 18:26 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 18:26 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 18:26 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 18:26 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 18:26 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 18:26 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 18:26 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 18:26 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 18:26 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 18:26 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 18:26 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 18:26 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 18:26 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 18:26 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 18:26 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 18:26 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 18:26 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 18:26 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 18:26 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 18:26 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 18:26 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 18:26 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 18:26 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 18:26 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 18:26 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 18:25 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 18:25 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 18:33 - 2014-08-13 10:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-08-12 10:49 - 2014-08-12 10:50 - 00000000 ____D () C:\Users\User\Desktop\Switch-bot
2014-08-03 10:55 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 10:55 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 10:55 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 10:55 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 10:55 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 10:55 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 10:55 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 10:55 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 10:55 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 10:55 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 10:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 10:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 10:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 10:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 17:55 - 2014-08-31 17:53 - 00013094 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-31 17:54 - 2014-08-31 17:52 - 00000000 ____D () C:\FRST
2014-08-31 17:53 - 2014-08-17 01:47 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 17:51 - 2014-08-31 17:51 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2014-08-31 17:49 - 2014-08-31 17:48 - 02104320 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-08-31 17:49 - 2013-04-03 21:05 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 17:33 - 2009-07-14 06:45 - 00026064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 17:33 - 2009-07-14 06:45 - 00026064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 17:29 - 2013-03-28 20:11 - 01105387 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 17:26 - 2014-08-31 17:11 - 00008913 _____ () C:\zoek-results.log
2014-08-31 17:24 - 2014-08-31 17:24 - 00000000 ____D () C:\Users\User\AppData\Local\FirmwareOfficeRecycle
2014-08-31 17:24 - 2014-08-17 01:47 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 17:23 - 2013-03-29 12:59 - 00362158 _____ () C:\Windows\PFRO.log
2014-08-31 17:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 17:23 - 2009-07-14 06:51 - 00077631 _____ () C:\Windows\setupact.log
2014-08-31 17:20 - 2014-08-31 17:07 - 00000000 ____D () C:\zoek_backup
2014-08-31 17:10 - 2014-08-31 17:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-31 17:07 - 2014-08-31 17:06 - 01288704 _____ () C:\Users\User\Desktop\zoek.exe
2014-08-31 17:06 - 2014-08-31 17:06 - 00000000 ____D () C:\Users\User\Desktop\zoek
2014-08-31 17:05 - 2014-08-31 17:05 - 04245477 _____ () C:\Users\User\Desktop\zoek.rar
2014-08-31 16:56 - 2014-08-31 16:54 - 00000000 ____D () C:\AdwCleaner
2014-08-31 16:56 - 2014-07-06 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
2014-08-31 16:51 - 2014-08-31 16:51 - 01364531 _____ () C:\Users\User\Desktop\adwcleaner_3.308.exe
2014-08-31 15:58 - 2014-03-01 14:56 - 00000958 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000UA.job
2014-08-31 15:58 - 2014-03-01 14:56 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000Core.job
2014-08-31 15:34 - 2014-08-31 15:33 - 00000000 ____D () C:\rsit
2014-08-31 15:34 - 2014-08-31 15:33 - 00000000 ____D () C:\Program Files\trend micro
2014-08-31 15:20 - 2013-10-23 15:34 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-30 22:03 - 2014-08-30 22:03 - 00002962 _____ () C:\Windows\System32\Tasks\{9D266CD5-2D13-4A10-B4EF-C87DC7066080}
2014-08-30 22:03 - 2014-08-30 21:25 - 00001949 _____ () C:\Users\User\Desktop\GameShadow.lnk
2014-08-30 21:50 - 2014-08-30 21:26 - 00000000 ____D () C:\Program Files (x86)\Tomb Raider - Anniversary
2014-08-30 21:49 - 2014-08-30 21:49 - 00000000 ____D () C:\Users\User\Documents\Eidos
2014-08-30 21:48 - 2014-08-30 21:48 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-30 21:47 - 2014-08-30 21:47 - 00003068 _____ () C:\Windows\System32\Tasks\Tomb Raider - Anniversary
2014-08-30 21:47 - 2014-08-30 21:47 - 00001019 _____ () C:\Users\User\Desktop\TRA.lnk
2014-08-30 21:47 - 2013-05-04 20:33 - 00180127 _____ () C:\Windows\DirectX.log
2014-08-30 21:47 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-30 21:25 - 2014-08-30 21:25 - 00000000 ____D () C:\Users\User\Documents\GameShadow
2014-08-30 21:25 - 2014-08-30 21:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2014-08-30 21:23 - 2014-08-30 21:23 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-30 18:49 - 2014-04-26 08:52 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-08-29 16:38 - 2014-08-27 22:21 - 00000000 ____D () C:\Users\User\Desktop\filmy
2014-08-29 16:29 - 2009-07-14 17:18 - 00668890 _____ () C:\Windows\system32\perfh005.dat
2014-08-29 16:29 - 2009-07-14 17:18 - 00141518 _____ () C:\Windows\system32\perfc005.dat
2014-08-29 16:29 - 2009-07-14 07:13 - 01583642 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-29 13:14 - 2014-08-29 13:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-27 22:39 - 2014-08-27 22:39 - 00002158 _____ () C:\Users\User\Desktop\Spustit Tony Hawk's American Wasteland.lnk
2014-08-27 22:39 - 2014-08-27 22:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aspyr Media, Inc
2014-08-27 22:28 - 2014-08-27 22:28 - 00000000 ____D () C:\Program Files (x86)\Aspyr Media, Inc
2014-08-27 22:27 - 2014-08-27 22:22 - 00000000 ____D () C:\Users\User\Desktop\instalačky
2014-08-27 22:26 - 2014-02-06 16:45 - 00000000 ___RD () C:\Wizzy
2014-08-27 22:22 - 2014-08-27 22:22 - 00000000 ____D () C:\Users\User\Desktop\sk8
2014-08-27 22:16 - 2009-07-14 06:45 - 00420592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 20:20 - 2014-08-27 19:58 - 00000000 ____D () C:\Users\User\Desktop\MattyBraps
2014-08-27 20:20 - 2014-08-25 20:53 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mp3tag
2014-08-27 19:39 - 2014-08-20 20:05 - 00000000 ____D () C:\Users\User\Desktop\COVERS
2014-08-27 19:31 - 2013-12-20 16:25 - 00000000 ____D () C:\Users\User\.gimp-2.8
2014-08-27 19:25 - 2014-08-27 19:25 - 00004022 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-08-27 19:25 - 2013-12-20 16:27 - 00000000 ____D () C:\Users\User\AppData\Local\gtk-2.0
2014-08-26 17:01 - 2014-08-21 14:09 - 00000000 ____D () C:\Program Files (x86)\The-Lost-Island
2014-08-26 16:52 - 2014-02-06 18:32 - 00000000 ____D () C:\Program Files (x86)\Last-World
2014-08-26 13:51 - 2014-08-20 19:54 - 00000000 ____D () C:\Users\User\Documents\RAR
2014-08-25 20:53 - 2014-08-25 20:53 - 00000983 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-25 20:53 - 2014-08-25 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-25 20:53 - 2014-08-25 20:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-25 19:08 - 2014-08-25 19:08 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-25 14:04 - 2014-08-25 14:04 - 00000029 _____ () C:\Users\User\Desktop\Nový textový dokument (3).txt
2014-08-25 12:19 - 2014-08-16 18:04 - 00000000 ____D () C:\Program Files (x86)\Attomey ---
2014-08-25 02:16 - 2014-08-25 02:16 - 00001013 _____ () C:\Users\Public\Desktop\AMP WinOFF.lnk
2014-08-25 02:16 - 2014-08-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMP WinOFF
2014-08-25 02:16 - 2014-08-25 02:16 - 00000000 ____D () C:\Program Files (x86)\AMP WinOFF
2014-08-24 19:47 - 2013-04-16 17:57 - 00000000 ____D () C:\Program Files (x86)\QuadCoreM2
2014-08-24 16:41 - 2014-08-24 15:32 - 00000177 _____ () C:\Users\User\Desktop\Nový textový dokument (2).txt
2014-08-23 20:44 - 2014-08-19 21:41 - 00000000 ____D () C:\Users\User\Downloads\Soulja Boy - King Soulja 3
2014-08-23 19:21 - 2013-11-06 20:38 - 00000000 ____D () C:\Users\User\Documents\ihelper
2014-08-23 18:07 - 2014-02-23 16:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\OBS
2014-08-23 18:05 - 2014-08-23 18:05 - 00000939 _____ () C:\Users\User\Desktop\Open Broadcaster Software.lnk
2014-08-23 18:05 - 2014-02-23 16:32 - 00000000 ____D () C:\Program Files\OBS
2014-08-23 18:05 - 2014-02-23 16:32 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-08-23 16:18 - 2014-08-23 16:18 - 00365330 _____ () C:\Users\User\Desktop\SB by Wizzy.rar
2014-08-23 04:07 - 2014-08-27 19:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 19:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 19:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 21:26 - 2014-08-22 21:26 - 00001398 _____ () C:\Users\User\Desktop\Last-World – zástupce.lnk
2014-08-22 17:24 - 2009-07-14 07:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-22 01:17 - 2014-03-13 20:38 - 00000000 ___RD () C:\Users\User\Desktop\Games
2014-08-21 21:35 - 2014-06-26 15:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\DivX
2014-08-21 16:46 - 2014-08-21 16:46 - 00000004 _____ () C:\Users\User\Desktop\Nový textový dokument.txt
2014-08-21 15:25 - 2014-08-21 15:25 - 00365173 _____ () C:\Users\User\Desktop\SB ByCalleWay.rar
2014-08-21 14:13 - 2014-08-21 14:13 - 00001470 _____ () C:\Users\User\Desktop\TheLostIsland – zástupce.lnk
2014-08-21 14:13 - 2014-08-21 14:13 - 00001378 _____ () C:\Users\User\Desktop\Attomey – zástupce.lnk
2014-08-21 14:00 - 2014-08-21 13:58 - 1490421380 _____ () C:\Users\User\Downloads\The-Lost-Island.zip
2014-08-21 13:47 - 2013-04-03 21:05 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-21 13:47 - 2013-04-03 21:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-21 13:47 - 2013-04-03 21:05 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-20 20:30 - 2014-08-20 20:16 - 00000000 ____D () C:\Users\User\Downloads\Big Time Rush - 24_Seven (Deluxe Edition) (Album)
2014-08-20 19:56 - 2014-08-20 19:46 - 00000000 ____D () C:\Users\User\Downloads\Wiz Khalifa - Blacc Hollywood (Deluxe Edition)
2014-08-20 16:06 - 2014-08-20 16:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Teiron
2014-08-20 16:00 - 2014-03-05 21:07 - 00000000 ____D () C:\Users\User\AppData\Roaming\ihelper2014
2014-08-20 15:46 - 2014-08-20 15:46 - 00001177 _____ () C:\Users\User\Desktop\ihelper – zástupce.lnk
2014-08-20 15:36 - 2014-08-20 15:06 - 00000000 ____D () C:\Users\User\Documents\Tongbu
2014-08-20 15:10 - 2014-08-20 15:06 - 00001899 _____ () C:\Users\Public\Desktop\Tongbu Assistant.lnk
2014-08-20 15:10 - 2014-08-20 15:06 - 00000000 ____D () C:\Program Files (x86)\Tongbu
2014-08-20 15:06 - 2014-08-20 15:06 - 00001242 _____ () C:\Users\Public\Desktop\All Things iPhone.lnk
2014-08-20 15:06 - 2014-08-20 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tongbu Network
2014-08-20 14:59 - 2014-08-20 14:59 - 21692472 _____ () C:\Users\User\Downloads\Tongbu_2.191_1.exe
2014-08-19 19:12 - 2014-07-31 15:55 - 00003828 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1406814931
2014-08-19 19:12 - 2014-07-31 15:55 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-19 19:04 - 2014-08-19 19:04 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 19:04 - 2014-08-19 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 19:04 - 2014-08-19 19:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-19 19:04 - 2014-08-19 19:02 - 00000000 ____D () C:\Program Files\iTunes
2014-08-19 19:04 - 2014-08-19 19:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-19 19:02 - 2014-08-19 19:02 - 00000000 ____D () C:\Program Files\iPod
2014-08-17 01:47 - 2014-08-17 01:47 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-17 01:47 - 2014-08-17 01:47 - 00003692 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-17 01:47 - 2014-08-17 01:47 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-17 01:47 - 2014-08-17 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-17 01:47 - 2013-11-01 15:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-17 01:47 - 2013-03-28 21:21 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2014-08-17 01:46 - 2014-08-17 01:46 - 00895120 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2014-08-16 21:00 - 2014-08-16 21:00 - 00000000 _____ () C:\Windows\SysWOW64\Block.txt
2014-08-16 21:00 - 2014-08-16 20:59 - 00000000 ____D () C:\Windows\SysWOW64\pack
2014-08-16 18:04 - 2014-08-16 18:04 - 00003160 _____ () C:\Windows\System32\Tasks\{54E267BE-FE23-4D53-BD02-7E7C9CD92C9E}
2014-08-15 21:16 - 2014-08-15 21:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tomabo
2014-08-15 20:27 - 2013-04-20 19:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-08-14 15:16 - 2014-08-14 15:16 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-08-13 21:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 19:31 - 2013-05-05 19:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 19:15 - 2014-05-19 16:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 19:12 - 2014-05-19 16:25 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 19:01 - 2014-05-19 17:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 10:10 - 2014-08-12 18:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-08-12 10:50 - 2014-08-12 10:49 - 00000000 ____D () C:\Users\User\Desktop\Switch-bot
2014-08-11 19:35 - 2014-07-11 19:33 - 00000000 ____D () C:\Users\User\AppData\Local\ManyCam
2014-08-07 04:06 - 2014-08-13 18:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-13 18:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-01 22:54 - 2013-08-05 19:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2014-08-01 01:41 - 2014-08-13 18:26 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 01:16 - 2014-08-13 18:26 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-28 22:36




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:698.54 GB) (Free:586.32 GB) NTFS
Drive d: (TRA) (CDROM) (Total:2.22 GB) (Free:0 GB) CDFS

Available physical RAM: 2860.38 MB
Total physical RAM: 4090.9 MB
Percentage of memory in use: 30%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 534BB8CF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 11983 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor
"C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam
"C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio
C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher
%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam
"C:\Program Files (x86)\Steam\steam.exe" -silent [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^V��ezy obrazovky a spu�t�n� aplikace OneNote 2007.lnk
C:\PROGRA~2\MICROS~2\Office12\ONENOTEM.EXE /tsr [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Chtěl jste po mne FRST já ho sem dal proč neodpovídáte????

Treba proto, ze vsichni jsme tu zdarma a ve svem volnem case a i ja mam rodinu ci praci

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
  HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
  HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
  HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
  HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-07] (Microsoft Corporation)
  HKU\S-1-5-21-1570955093-1124358558-1990792310-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-22] (Google Inc.)
  HKU\S-1-5-21-1570955093-1124358558-1990792310-1000\...\MountPoints2: {8a44ef58-97d2-11e2-a554-806e6f6e6963} - D:\autorun.exe
  
  BHO-x32: ͬ˛˝Ň»Ľü°˛×°Ö§łÖ -> {F72C8153-7140-4FEE-8F69-CA4579D71195} -> C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll (同步网络平台)
  
  S2 0fe17f7f7055ca8.exe; C:\Users\User\AppData\Local\0c8010b42ce9c0896292f9a00871cf6d\0fe17f7f7055ca8.exe [X]
  S2 8466e4bf6f86000.exe; C:\Users\User\AppData\Local\e5a6946aeccac218acdd006c605848c5\8466e4bf6f86000.exe [X]
  S2 CronDockWord.exe; C:\Users\User\AppData\Local\CronDockWord\CronDockWord.exe [X]
  S2 e177f95e8bcdff0.exe; C:\Users\User\AppData\Local\5b37c15f318304c12ff7bd21aaf6bc6b\e177f95e8bcdff0.exe [X]
  S2 FirmwareOfficeRecycle.exe; C:\Users\User\AppData\Local\FirmwareOfficeRecycle\FirmwareOfficeRecycle.exe [X]
  S2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [X]
  
  S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
  S3 RegFltrX64; \??\C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\RegFltrX64.sys [X]
  S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
  
  C:\Users\User\AppData\Local\0c8010b42ce9c0896292f9a00871cf6d
  C:\Users\User\AppData\Local\e5a6946aeccac218acdd006c605848c5
  C:\Users\User\AppData\Local\CronDockWord
  C:\Users\User\AppData\Local\FirmwareOfficeRecycle
  C:\Users\User\AppData\Local\5b37c15f318304c12ff7bd21aaf6bc6b
  C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f
  c:\Program Files (x86)\WinRST
  2014-08-31 17:53 - 2014-08-31 17:55 - 00013094 _____ () C:\Users\User\Desktop\FRST.txt
  2014-08-31 17:51 - 2014-08-31 17:51 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
  2014-08-31 17:24 - 2014-08-31 17:24 - 00000000 ____D () C:\Users\User\AppData\Local\FirmwareOfficeRecycle
  2014-08-31 17:22 - 2014-08-31 17:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
  2014-08-31 17:11 - 2014-08-31 17:26 - 00008913 _____ () C:\zoek-results.log
  2014-08-31 17:07 - 2014-08-31 17:20 - 00000000 ____D () C:\zoek_backup
  2014-08-31 17:06 - 2014-08-31 17:07 - 01288704 _____ () C:\Users\User\Desktop\zoek.exe
  2014-08-31 17:06 - 2014-08-31 17:06 - 00000000 ____D () C:\Users\User\Desktop\zoek
  2014-08-31 17:05 - 2014-08-31 17:05 - 04245477 _____ () C:\Users\User\Desktop\zoek.rar
  2014-08-31 16:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
  2014-08-31 16:54 - 2014-08-31 16:56 - 00000000 ____D () C:\AdwCleaner
  2014-08-31 16:51 - 2014-08-31 16:51 - 01364531 _____ () C:\Users\User\Desktop\adwcleaner_3.308.exe
  2014-08-31 15:33 - 2014-08-31 15:34 - 00000000 ____D () C:\rsit
  2014-08-31 15:33 - 2014-08-31 15:34 - 00000000 ____D () C:\Program Files\trend micro
  2014-08-30 22:03 - 2014-08-30 22:03 - 00002962 _____ () C:\Windows\System32\Tasks\{9D266CD5-2D13-4A10-B4EF-C87DC7066080}
  2014-08-29 13:13 - 2014-08-29 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe
  
  Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
  
  AlternateDataStreams: C:\ProgramData\Temp:56E2E879
  
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper" /f
  REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f
  
  Hosts:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

v příloze je ten fixlog.txt

Jak se chova PC, je nejaky problem??

Prave, že jeden, který jsem dřív měl chci zkusit ale nwm jestli ma keylogger v PC, aby mne tam neokradli nebot tam jsem bohaty.

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

PC bylo plne reklamniho SW a keyloggeru - vse odstraneno

A pokud nejsou problemy ci dotazy, je to z me strany vse

Ten T cleaner nejde aktivovat pomocí a + enter co mám dělat ??

Pokracujte dalsimi kroky...