VIRY.CZ

Dobrý den, nedávno jsem instaloval několik věcí (především přehrávače, atd.) a z hlouposti a spěchu jsem nečetl co všechno instaluji. Důsledek je to, že jsem chytil otravný vir. Při startu Google Chrome začíná na stránce "mystartsearch". I když přenastavím spouštění na jinou stránku. Podivné je pro mě to, že tak nečiní vždy. Občas se spustí na tuto stránku třeba až na po čtvrté. Eset ho našel 2x a "vyléčil", Malwarebytes dokonce 4x (2x exe a 2x v registrech) a také ho "vyléčil" po restartu pc se mi tu zase objevil a už si s ním nevím rady, proto prosím o kontrolu logu. Moc děkuji.

Moc se v logech nevyznám, takže RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Zdeněk Kudrnáč at 2014-11-24 16:32:37
Microsoft Windows 8.1
System drive C: has 1289 GB (68%) free of 1894 GB
Total RAM: 8130 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:32:44, on 24. 11. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Zdeněk Kudrnáč.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Zdeněk Kudrnáč\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{59F1010C-5176-4797-B554-EBF38E6251E9}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2014 64-bit (mi-raysat_3dsmax2014_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12570 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
dashost.exe {f8d11b87-6023-4b3f-803da4dee0c0693c}
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session
taskhostex.exe
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\IDT\WDM\Beats64.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.mystartsearch.com/?type=sc&t ... XXD014XXDX
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3356.0.1392924299\1828484298" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17,38,46 --gpu-vendor-id=0x10de --gpu-device-id=0x1185 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3788 --ignored=" --type=renderer " /prefetch:822062411
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group4 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 allow_prefetch_non_default_match:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3e:LocalPredictor=Enabled:SkipHTTPS=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=5:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderQueryPrerenderService=Enabled:PrerenderServiceFetchTimeoutMs=5000:PrerenderAlwaysControl=Enabled:MaxLaunchPrerenders=2:LocalPredictorUnencryptedSyncOnly=Enabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3356.15.1891456752\552195145" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group4 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 allow_prefetch_non_default_match:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3e:LocalPredictor=Enabled:SkipHTTPS=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=5:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderQueryPrerenderService=Enabled:PrerenderServiceFetchTimeoutMs=5000:PrerenderAlwaysControl=Enabled:MaxLaunchPrerenders=2:LocalPredictorUnencryptedSyncOnly=Enabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3356.16.1225385526\2093614842" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group4 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 allow_prefetch_non_default_match:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3e:LocalPredictor=Enabled:SkipHTTPS=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=5:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderQueryPrerenderService=Enabled:PrerenderServiceFetchTimeoutMs=5000:PrerenderAlwaysControl=Enabled:MaxLaunchPrerenders=2:LocalPredictorUnencryptedSyncOnly=Enabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3356.17.955948045\824982780" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group4 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 allow_prefetch_non_default_match:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3e:LocalPredictor=Enabled:SkipHTTPS=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=5:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderQueryPrerenderService=Enabled:PrerenderServiceFetchTimeoutMs=5000:PrerenderAlwaysControl=Enabled:MaxLaunchPrerenders=2:LocalPredictorUnencryptedSyncOnly=Enabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3356.20.175471681\1789360731" /prefetch:673131151
"C:\Users\Zdeněk Kudrnáč\Downloads\RSITx64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group4 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 allow_prefetch_non_default_match:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3e:LocalPredictor=Enabled:SkipHTTPS=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=5:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderQueryPrerenderService=Enabled:PrerenderServiceFetchTimeoutMs=5000:PrerenderAlwaysControl=Enabled:MaxLaunchPrerenders=2:LocalPredictorUnencryptedSyncOnly=Enabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3356.31.652643311\1538777648" /prefetch:673131151
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf4e92abc5b674.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cf9084c1314275.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\HPCeeScheduleForZdeněk Kudrnáč.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForZdeněk Kudrnáč (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Mozilla\Firefox\Profiles\csxtu4j7.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"=C:\Program Files\IDT\WDM\beats64.exe [2012-09-19 37888]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-03-29 1702912]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5595336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-11-11 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\Zdeněk Kudrnáč\AppData\Local\Akamai\netsession_win.exe [2013-06-05 4489472]
"AdobeBridge"= []
"Lync"=C:\Program Files\Microsoft Office\Office15\lync.exe [2012-10-01 21431912]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2014-03-13 779776]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-24 16:32:38 ----D---- C:\Program Files\trend micro
2014-11-24 16:32:37 ----D---- C:\rsit
2014-11-23 22:04:13 ----D---- C:\ProgramData\Malwarebytes
2014-11-23 20:08:40 ----A---- C:\WINDOWS\SYSWOW64\drivers\rkhdrv40.sys
2014-11-23 19:54:42 ----A---- C:\WINDOWS\SYSWOW64\MSSTDFMT.DLL
2014-11-23 19:51:37 ----A---- C:\WINDOWS\system32\drivers\stflt.sys
2014-11-23 19:51:03 ----D---- C:\Program Files (x86)\Spyware Terminator
2014-11-23 19:32:28 ----A---- C:\autoexec.bat
2014-11-23 19:32:15 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Enigma Software Group
2014-11-23 19:32:08 ----D---- C:\sh4ldr
2014-11-23 19:31:42 ----A---- C:\WINDOWS\system32\drivers\EsgScanner.sys
2014-11-23 13:37:35 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Mozilla
2014-11-23 13:37:22 ----D---- C:\ProgramData\Mozilla
2014-11-23 13:37:22 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-20 20:00:01 ----D---- C:\ProgramData\ESET
2014-11-20 20:00:01 ----D---- C:\Program Files\ESET
2014-11-20 18:43:23 ----D---- C:\ProgramData\1782619844445197481
2014-11-19 20:45:42 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-11-17 14:44:20 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\RIFT
2014-11-16 14:30:45 ----A---- C:\WINDOWS\SYSWOW64\dvttrn.dll
2014-11-15 11:18:58 ----D---- C:\Program Files\Nexus Mod Manager
2014-11-10 19:03:49 ----D---- C:\Program Files (x86)\FreeRapid-0.9u4
2014-11-03 17:40:18 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\WinRAR
2014-11-03 17:39:16 ----D---- C:\Program Files\WinRAR
2014-11-03 16:27:06 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\HexChat
2014-11-03 16:27:00 ----D---- C:\ProgramData\Package Cache
2014-11-03 16:26:32 ----D---- C:\Program Files\HexChat
2014-11-03 16:23:16 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\mIRC
2014-11-02 16:28:19 ----D---- C:\Program Files (x86)\ASIO4ALL v2
2014-11-02 16:26:58 ----D---- C:\Program Files (x86)\VstPlugins
2014-11-02 16:26:58 ----A---- C:\WINDOWS\SYSWOW64\rewire.dll
2014-11-02 16:26:50 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Image-Line
2014-11-02 16:26:49 ----D---- C:\Program Files\Image-Line
2014-11-02 16:26:35 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\FlowStone
2014-11-02 16:26:35 ----D---- C:\Program Files (x86)\DSPRobotics
2014-11-02 16:23:40 ----D---- C:\Program Files (x86)\Image-Line

======List of files/folders modified in the last 1 month======

2014-11-24 16:32:38 ----D---- C:\Program Files
2014-11-24 16:27:08 ----D---- C:\WINDOWS\system32\drivers
2014-11-24 16:27:07 ----RD---- C:\Program Files (x86)
2014-11-24 16:27:07 ----D---- C:\WINDOWS\Prefetch
2014-11-24 16:20:19 ----D---- C:\WINDOWS\Temp
2014-11-24 16:08:59 ----D---- C:\WINDOWS\system32\sru
2014-11-24 09:23:03 ----RD---- C:\WINDOWS\System32
2014-11-24 09:23:03 ----D---- C:\WINDOWS\Inf
2014-11-24 09:23:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-24 09:20:47 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2014-11-23 22:29:54 ----D---- C:\WINDOWS\debug
2014-11-23 22:29:52 ----D---- C:\ProgramData\NVIDIA
2014-11-23 22:29:45 ----D---- C:\Windows
2014-11-23 22:29:02 ----D---- C:\WINDOWS\AUInstallAgent
2014-11-23 22:29:00 ----D---- C:\WINDOWS\SysWOW64
2014-11-23 22:22:44 ----D---- C:\WINDOWS\Microsoft.NET
2014-11-23 22:04:13 ----HD---- C:\ProgramData
2014-11-23 21:48:07 ----AD---- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZZZZ.Z..Z.Z
2014-11-23 21:47:38 ----D---- C:\WINDOWS\Logs
2014-11-23 21:21:49 ----D---- C:\WINDOWS\system32\config
2014-11-23 21:16:20 ----D---- C:\WINDOWS\system32\catroot2
2014-11-23 21:13:45 ----D---- C:\WINDOWS\WinSxS
2014-11-23 20:49:31 ----D---- C:\WINDOWS\CbsTemp
2014-11-23 20:08:40 ----D---- C:\WINDOWS\SYSWOW64\drivers
2014-11-23 20:07:07 ----AD---- C:\ProgramData\Temp
2014-11-23 19:32:13 ----D---- C:\WINDOWS\system32\Tasks
2014-11-23 16:29:34 ----SHD---- C:\System Volume Information
2014-11-23 13:37:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-20 20:08:14 ----SHD---- C:\WINDOWS\Installer
2014-11-20 20:08:13 ----SHD---- C:\Config.Msi
2014-11-20 20:07:56 ----D---- C:\WINDOWS\system32\DriverStore
2014-11-20 19:44:43 ----D---- C:\WINDOWS\Tasks
2014-11-20 19:24:30 ----D---- C:\Users
2014-11-20 16:14:49 ----D---- C:\Program Files (x86)\Guild Wars 2
2014-11-20 16:14:13 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Guild Wars 2
2014-11-19 19:17:33 ----D---- C:\WINDOWS\system32\NDF
2014-11-19 19:15:37 ----A---- C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-17 18:46:54 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Aegisub
2014-11-17 12:32:04 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Azureus
2014-11-16 22:35:29 ----D---- C:\Games
2014-11-16 22:15:08 ----RSD---- C:\WINDOWS\assembly
2014-11-12 17:00:45 ----D---- C:\Action!
2014-11-12 16:56:42 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\VitySoft
2014-11-11 15:54:50 ----D---- C:\Program Files (x86)\QuadCoreM2
2014-10-30 19:25:08 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2014-10-10 241368]
R0 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2014-10-10 63160]
R0 excsd;ExpressCache Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\excsd.sys [2012-03-30 95024]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-09-19 647736]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2014-10-10 243440]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2014-10-10 169280]
R1 EpfwLWF;@oem35.inf,%EpfwLWF_Desc%;Epfw NDIS LightWeight Filter; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [2014-10-10 44632]
R1 excfs;ExpressCache File System Filter Driver; C:\WINDOWS\system32\DRIVERS\excfs.sys [2012-03-30 23344]
R1 SeLow;@oem26.inf,%SeLow_DisplayName%;SoftEther Lightweight Network Protocol; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [2014-08-08 38112]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2013-09-06 238352]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2013-09-06 119056]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2014-10-10 222280]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\WINDOWS\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 MEIx64;@oem21.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2014-06-01 100312]
R3 Neo_VPN;@oem27.inf,%Neo.Service.DispName%;VPN Client Device Driver - VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [2014-08-08 28768]
R3 NVHDA;@oem22.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2014-06-01 197408]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [2013-03-29 544768]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2013-09-06 131856]
R3 VBoxNetFlt;@oem15.inf,%VBoxNetFltService_Desc%;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2013-09-06 146704]
S3 Apowersoft_AudioDevice;@oem25.inf,%DriverFile%;Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [2014-04-09 31920]
S3 DrvAgent64;DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [2014-05-30 21712]
S3 EagleX64;EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys []
S3 EsgScanner;EsgScanner; C:\WINDOWS\system32\DRIVERS\EsgScanner.sys [2014-11-23 22704]
S3 MFE_RR;MFE_RR; \??\C:\Users\ZDENKK~1\AppData\Local\Temp\mfe_rr.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 tap0901;@oem10.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 VBoxUSB;@oem14.inf,%VBoxUSB.SvcDesc%;VirtualBox USB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [2013-09-06 106256]
S4 nvvad_WaveExtensible;@oem25.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-10-01 1349576]
R2 ExpressCache;ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-03-30 79664]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 HPConnectedRemote;HP Connected Remote Service; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-08-29 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-18 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 276864]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-09-15 86016]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2014-05-20 927520]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-03-29 332800]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 413128]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
S2 fc67e7a0;DeltaFix; C:\WINDOWS\syswow64\rundll32.exe [2013-08-22 49664]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 116648]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-12-03 1471352]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-05-13 1129760]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-14 114288]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\syswow64\GameMon.des [2014-06-23 4797064]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]

-----------------EOF-----------------

Zdravím, smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po té proběhne sken a po jeho skončení klikni na Report a to co na Tebe vypadne mi sem zkopíruj.

Trochu jsem se v tom ještě šťoural po tom, co jsem napsal a přišel na to, že tu stránku to vyhodí jen pokud to spustím z "metra". Proto jsem dlaždici vyhodil a dal ji tam znova a už to tu stránku nehází. Ale budu rád, když ty logy zkontrolujete jestli je v pořádku. Děkuji.



A tady je log z ADW.


# AdwCleaner v4.102 - Report created 24/11/2014 at 17:08:50
# Updated 23/11/2014 by Xplode
# Database : 2014-11-24.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Zdeněk Kudrnáč - PERSOCOM
# Running from : C:\Users\Zdeněk Kudrnáč\Downloads\adwcleaner_4.102.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\ZDENKK~1\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Program Files (x86)\eSupport.com
Folder Found : C:\ProgramData\1782619844445197481
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
Folder Found : C:\Users\Zdeněk Kudrnáč\AppData\Roaming\tencent

***** [ Scheduled Tasks ] *****

Task Found : Oxy
Task Found : PileFile logon
Task Found : PileFile reminder

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Escolade
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKCU\Software\Tencent
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Escolade
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Tencent
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96CF2CBE-B6D5-454A-A62A-84BCDA86EF1D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-576482620
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v33.1.1 (x86 cs)


-\\ Google Chrome v39.0.2171.65


-\\ Chromium v

[C:\Users\Zdeněk Kudrnáč\AppData\Local\Chromium\User Data\Default\Web data] - Found [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2780 octets] - [24/11/2014 17:08:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2840 octets] ##########

Znovu spusť AdwCleaner ale tentokrát klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zase zkopíruj Report.


Pak ještě poprosím o aktuální log z Rsit a Frst.

ADW

# AdwCleaner v4.102 - Report created 24/11/2014 at 17:32:34
# Updated 23/11/2014 by Xplode
# Database : 2014-11-24.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Zdeněk Kudrnáč - PERSOCOM
# Running from : C:\Users\Zdeněk Kudrnáč\Downloads\adwcleaner_4.102.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\1782619844445197481
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Users\Zdeněk Kudrnáč\AppData\Roaming\tencent
Folder Deleted : C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
File Deleted : C:\Users\ZDENKK~1\AppData\Local\Temp\Uninstall.exe

***** [ Scheduled Tasks ] *****

Task Deleted : Oxy
Task Deleted : PileFile logon
Task Deleted : PileFile reminder

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-576482620
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96CF2CBE-B6D5-454A-A62A-84BCDA86EF1D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Tencent
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v33.1.1 (x86 cs)


-\\ Google Chrome v39.0.2171.65

[C:\Users\Zdeněk Kudrnáč\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Zdeněk Kudrnáč\AppData\Local\Chromium\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2952 octets] - [24/11/2014 17:08:50]
AdwCleaner[S0].txt - [2664 octets] - [24/11/2014 17:32:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2724 octets] ##########



RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by Zdeněk Kudrnáč at 2014-11-24 17:39:40
Microsoft Windows 8.1
System drive C: has 1289 GB (68%) free of 1894 GB
Total RAM: 8130 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:39:41, on 24. 11. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Zdeněk Kudrnáč.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Zdeněk Kudrnáč\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{59F1010C-5176-4797-B554-EBF38E6251E9}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2014 64-bit (mi-raysat_3dsmax2014_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12470 bytes

======Listing Processes======





wininit.exe

winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"C:\WINDOWS\system32\nvvsvc.exe"
"dwm.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
dashost.exe {1f08229a-8cef-4cd9-9b63362918e4d8e5}
"C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe"
taskhostex.exe
C:\WINDOWS\Explorer.EXE
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe"
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe"
"C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version9\TeamViewer9_Logfile.log
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\IDT\WDM\Beats64.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe"
taskeng.exe {BE042CA8-57EE-4DCF-B2EF-AD15E07927E8}
"C:\Program Files\Microsoft Office\Office15\MsoSync.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\System32\svchost.exe -k swprv
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 572 576 584 65536 580
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3068.0.24312370\1064472262" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17,38,46 --gpu-vendor-id=0x10de --gpu-device-id=0x1185 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3788 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="DomRel-Enable/enable/EmbeddedSearch/Group4 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 allow_prefetch_non_default_match:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/PrerenderLocalPredictorSpec/cd=3e:LocalPredictor=Enabled:SkipHTTPS=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=5:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderQueryPrerenderService=Enabled:PrerenderServiceFetchTimeoutMs=5000:PrerenderAlwaysControl=Enabled:MaxLaunchPrerenders=2:LocalPredictorUnencryptedSyncOnly=Enabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3068.1.2077429267\788968953" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group4 dev:r1 prefetch_results:1 reuse_instant_search_base_page:1 allow_prefetch_non_default_match:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/Prerender15minTTL/PrerenderLocalPredictorSpec/cd=3e:LocalPredictor=Enabled:SkipHTTPS=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=5:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderQueryPrerenderService=Enabled:PrerenderServiceFetchTimeoutMs=5000:PrerenderAlwaysControl=Enabled:MaxLaunchPrerenders=2:LocalPredictorUnencryptedSyncOnly=Enabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3068.2.1419575589\1429564382" /prefetch:673131151
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Zdeněk Kudrnáč\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf4e92abc5b674.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cf9084c1314275.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\HPCeeScheduleForZdeněk Kudrnáč.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForZdeněk Kudrnáč (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Mozilla\Firefox\Profiles\csxtu4j7.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"=C:\Program Files\IDT\WDM\beats64.exe [2012-09-19 37888]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-03-29 1702912]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5595336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-11-11 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\Zdeněk Kudrnáč\AppData\Local\Akamai\netsession_win.exe [2013-06-05 4489472]
"AdobeBridge"= []
"Lync"=C:\Program Files\Microsoft Office\Office15\lync.exe [2012-10-01 21431912]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2014-03-13 779776]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-24 17:38:46 ----D---- C:\FRST
2014-11-24 17:08:40 ----D---- C:\AdwCleaner
2014-11-24 16:32:38 ----D---- C:\Program Files\trend micro
2014-11-24 16:32:37 ----D---- C:\rsit
2014-11-23 22:04:13 ----D---- C:\ProgramData\Malwarebytes
2014-11-23 20:08:40 ----A---- C:\WINDOWS\SYSWOW64\drivers\rkhdrv40.sys
2014-11-23 19:54:42 ----A---- C:\WINDOWS\SYSWOW64\MSSTDFMT.DLL
2014-11-23 19:51:37 ----A---- C:\WINDOWS\system32\drivers\stflt.sys
2014-11-23 19:51:03 ----D---- C:\Program Files (x86)\Spyware Terminator
2014-11-23 19:32:28 ----A---- C:\autoexec.bat
2014-11-23 19:32:15 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Enigma Software Group
2014-11-23 19:32:08 ----D---- C:\sh4ldr
2014-11-23 19:31:42 ----A---- C:\WINDOWS\system32\drivers\EsgScanner.sys
2014-11-23 13:37:35 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Mozilla
2014-11-23 13:37:22 ----D---- C:\ProgramData\Mozilla
2014-11-23 13:37:22 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-20 20:00:01 ----D---- C:\ProgramData\ESET
2014-11-20 20:00:01 ----D---- C:\Program Files\ESET
2014-11-19 20:45:42 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-11-17 14:44:20 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\RIFT
2014-11-16 14:30:45 ----A---- C:\WINDOWS\SYSWOW64\dvttrn.dll
2014-11-15 11:18:58 ----D---- C:\Program Files\Nexus Mod Manager
2014-11-10 19:03:49 ----D---- C:\Program Files (x86)\FreeRapid-0.9u4
2014-11-03 17:40:18 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\WinRAR
2014-11-03 17:39:16 ----D---- C:\Program Files\WinRAR
2014-11-03 16:27:06 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\HexChat
2014-11-03 16:27:00 ----D---- C:\ProgramData\Package Cache
2014-11-03 16:26:32 ----D---- C:\Program Files\HexChat
2014-11-03 16:23:16 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\mIRC
2014-11-02 16:28:19 ----D---- C:\Program Files (x86)\ASIO4ALL v2
2014-11-02 16:26:58 ----D---- C:\Program Files (x86)\VstPlugins
2014-11-02 16:26:58 ----A---- C:\WINDOWS\SYSWOW64\rewire.dll
2014-11-02 16:26:50 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Image-Line
2014-11-02 16:26:49 ----D---- C:\Program Files\Image-Line
2014-11-02 16:26:35 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\FlowStone
2014-11-02 16:26:35 ----D---- C:\Program Files (x86)\DSPRobotics
2014-11-02 16:23:40 ----D---- C:\Program Files (x86)\Image-Line

======List of files/folders modified in the last 1 month======

2014-11-24 17:41:26 ----D---- C:\Windows
2014-11-24 17:40:19 ----D---- C:\WINDOWS\Prefetch
2014-11-24 17:38:42 ----RD---- C:\WINDOWS\System32
2014-11-24 17:38:42 ----D---- C:\WINDOWS\Inf
2014-11-24 17:38:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-24 17:37:47 ----D---- C:\WINDOWS\Temp
2014-11-24 17:35:55 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2014-11-24 17:33:15 ----D---- C:\WINDOWS\debug
2014-11-24 17:33:14 ----D---- C:\ProgramData\NVIDIA
2014-11-24 17:32:35 ----D---- C:\WINDOWS\system32\Tasks
2014-11-24 17:32:34 ----RD---- C:\Program Files (x86)
2014-11-24 17:32:34 ----HD---- C:\ProgramData
2014-11-24 17:06:37 ----D---- C:\WINDOWS\SoftwareDistribution
2014-11-24 17:02:00 ----D---- C:\WINDOWS\system32\sru
2014-11-24 16:32:38 ----D---- C:\Program Files
2014-11-24 16:27:08 ----D---- C:\WINDOWS\system32\drivers
2014-11-23 22:29:43 ----D---- C:\WINDOWS\AUInstallAgent
2014-11-23 22:29:00 ----D---- C:\WINDOWS\SysWOW64
2014-11-23 22:22:44 ----D---- C:\WINDOWS\Microsoft.NET
2014-11-23 21:47:38 ----D---- C:\WINDOWS\Logs
2014-11-23 21:21:49 ----D---- C:\WINDOWS\system32\config
2014-11-23 21:17:06 ----D---- C:\WINDOWS\CbsTemp
2014-11-23 21:16:20 ----D---- C:\WINDOWS\system32\catroot2
2014-11-23 21:13:45 ----D---- C:\WINDOWS\WinSxS
2014-11-23 20:08:40 ----D---- C:\WINDOWS\SYSWOW64\drivers
2014-11-23 20:07:07 ----AD---- C:\ProgramData\Temp
2014-11-23 16:29:34 ----SHD---- C:\System Volume Information
2014-11-23 13:37:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-20 20:08:14 ----SHD---- C:\WINDOWS\Installer
2014-11-20 20:08:13 ----SHD---- C:\Config.Msi
2014-11-20 20:07:56 ----D---- C:\WINDOWS\system32\DriverStore
2014-11-20 19:44:43 ----D---- C:\WINDOWS\Tasks
2014-11-20 19:24:30 ----D---- C:\Users
2014-11-20 16:14:49 ----D---- C:\Program Files (x86)\Guild Wars 2
2014-11-20 16:14:13 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Guild Wars 2
2014-11-19 19:17:33 ----D---- C:\WINDOWS\system32\NDF
2014-11-19 19:15:37 ----A---- C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-17 18:46:54 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Aegisub
2014-11-17 12:32:04 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Azureus
2014-11-16 22:35:29 ----D---- C:\Games
2014-11-16 22:15:08 ----RSD---- C:\WINDOWS\assembly
2014-11-12 17:00:45 ----D---- C:\Action!
2014-11-12 16:56:42 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\VitySoft
2014-11-11 15:54:50 ----D---- C:\Program Files (x86)\QuadCoreM2
2014-10-30 19:25:08 ----D---- C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2014-10-10 241368]
R0 epfwwfp;epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [2014-10-10 63160]
R0 excsd;ExpressCache Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\excsd.sys [2012-03-30 95024]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-09-19 647736]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2014-10-10 243440]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2014-10-10 169280]
R1 EpfwLWF;@oem35.inf,%EpfwLWF_Desc%;Epfw NDIS LightWeight Filter; C:\WINDOWS\system32\DRIVERS\EpfwLWF.sys [2014-10-10 44632]
R1 excfs;ExpressCache File System Filter Driver; C:\WINDOWS\system32\DRIVERS\excfs.sys [2012-03-30 23344]
R1 SeLow;@oem26.inf,%SeLow_DisplayName%;SoftEther Lightweight Network Protocol; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [2014-08-08 38112]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2013-09-06 238352]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2013-09-06 119056]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2014-10-10 222280]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\WINDOWS\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 MEIx64;@oem21.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [2014-06-01 100312]
R3 Neo_VPN;@oem27.inf,%Neo.Service.DispName%;VPN Client Device Driver - VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [2014-08-08 28768]
R3 NVHDA;@oem22.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2014-06-01 197408]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [2013-03-29 544768]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2013-09-06 131856]
R3 VBoxNetFlt;@oem15.inf,%VBoxNetFltService_Desc%;VirtualBox Bridged Networking Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2013-09-06 146704]
S3 Apowersoft_AudioDevice;@oem25.inf,%DriverFile%;Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [2014-04-09 31920]
S3 DrvAgent64;DrvAgent64; \??\C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS [2014-05-30 21712]
S3 EagleX64;EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys []
S3 EsgScanner;EsgScanner; C:\WINDOWS\system32\DRIVERS\EsgScanner.sys [2014-11-23 22704]
S3 MFE_RR;MFE_RR; \??\C:\Users\ZDENKK~1\AppData\Local\Temp\mfe_rr.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 tap0901;@oem10.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 VBoxUSB;@oem14.inf,%VBoxUSB.SvcDesc%;VirtualBox USB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [2013-09-06 106256]
S4 nvvad_WaveExtensible;@oem25.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-10-01 1349576]
R2 ExpressCache;ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-03-30 79664]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 HPConnectedRemote;HP Connected Remote Service; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-08-29 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-18 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 276864]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-09-15 86016]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2014-05-20 927520]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-03-29 332800]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 413128]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
S2 fc67e7a0;DeltaFix; C:\WINDOWS\syswow64\rundll32.exe [2013-08-22 49664]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 116648]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-12-03 1471352]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 116648]
S3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-05-13 1129760]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-14 114288]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\syswow64\GameMon.des [2014-06-23 4797064]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]

-----------------EOF-----------------


FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Zdeněk Kudrnáč (administrator) on PERSOCOM on 24-11-2014 17:41:07
Running from C:\Users\Zdeněk Kudrnáč\Desktop
Loaded Profile: Zdeněk Kudrnáč (Available profiles: Zdeněk Kudrnáč & Host & Administrator)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(forum.viry.cz) C:\Users\Zdeněk Kudrnáč\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-03-29] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-3215566112-2211355728-2427998824-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Zdenk Kudrná
\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3215566112-2211355728-2427998824-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3215566112-2211355728-2427998824-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [21431912 2012-10-01] (Microsoft Corporation)
HKU\S-1-5-21-3215566112-2211355728-2427998824-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [779776 2014-03-13] (ZONER software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3215566112-2211355728-2427998824-1001\Software\Microsoft\Internet Explorer\Main,Start Page = google.cz
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.cz
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKLM -> {499DBADD-98C6-4499-B2ED-6285FF762C83} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKLM-x32 -> {499DBADD-98C6-4499-B2ED-6285FF762C83} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKU\S-1-5-21-3215566112-2211355728-2427998824-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3215566112-2211355728-2427998824-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... c=HPDTDFJS
SearchScopes: HKU\S-1-5-21-3215566112-2211355728-2427998824-1001 -> {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = http://search.daum.net/search?nil_profi ... earchTerms}
SearchScopes: HKU\S-1-5-21-3215566112-2211355728-2427998824-1001 -> {499DBADD-98C6-4499-B2ED-6285FF762C83} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{59F1010C-5176-4797-B554-EBF38E6251E9}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Mozilla\Firefox\Profiles\csxtu4j7.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3215566112-2211355728-2427998824-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Zdeněk Kudrnáč\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3215566112-2211355728-2427998824-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-24]
CHR Extension: (Docs) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-24]
CHR Extension: (Disk Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-24]
CHR Extension: (YouTube) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-24]
CHR Extension: (Vyhledávání Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-24]
CHR Extension: (Tabulky Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-24]
CHR Extension: (Gmail) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-24]
CHR Profile: C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Prezentace Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-20]
CHR Extension: (Dokumenty Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-20]
CHR Extension: (Disk Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-20]
CHR Extension: (YouTube) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-20]
CHR Extension: (Vyhledávání Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-20]
CHR Extension: (Tabulky Google) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-20]
CHR Extension: (Gmail) - C:\Users\Zdeněk Kudrnáč\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 mi-raysat_3dsmax2014_64; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [86016 2011-09-15] () [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [4797064 2014-06-23] (INCA Internet Co., Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-03-29] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-12-01] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 fc67e7a0; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-11-23] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-06-01] (Intel Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-08-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 rkhdrv40; C:\Windows\SysWow64\Drivers\rkhdrv40.sys [24448 2014-11-23] () [File not signed]
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [38112 2014-08-08] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-09-06] (Oracle Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 MFE_RR; \??\C:\Users\ZDENKK~1\AppData\Local\Temp\mfe_rr.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S3 X6va015; \??\C:\WINDOWS\SysWOW64\Drivers\X6va015 [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 17:39 - 2014-11-24 17:41 - 00019674 _____ () C:\Users\Zdeněk Kudrnáč\Desktop\FRST.txt
2014-11-24 17:38 - 2014-11-24 17:41 - 00000000 ____D () C:\FRST
2014-11-24 17:37 - 2014-11-24 17:37 - 02118144 _____ (Farbar) C:\Users\Zdeněk Kudrnáč\Desktop\FRST64.exe
2014-11-24 17:37 - 2014-11-24 17:37 - 00112640 _____ (forum.viry.cz) C:\Users\Zdeněk Kudrnáč\Desktop\FRSTLauncher.exe
2014-11-24 17:33 - 2014-11-24 17:33 - 00000562 _____ () C:\WINDOWS\PFRO.log
2014-11-24 17:08 - 2014-11-24 17:32 - 00000000 ____D () C:\AdwCleaner
2014-11-24 17:08 - 2014-11-24 17:08 - 02148864 _____ () C:\Users\Zdeněk Kudrnáč\Downloads\adwcleaner_4.102.exe
2014-11-24 16:32 - 2014-11-24 17:36 - 00000000 ____D () C:\Program Files\trend micro
2014-11-24 16:32 - 2014-11-24 16:32 - 00000000 ____D () C:\rsit
2014-11-24 16:18 - 2014-11-24 16:18 - 01222144 _____ () C:\Users\Zdeněk Kudrnáč\Downloads\RSITx64.exe
2014-11-23 22:04 - 2014-11-23 22:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 22:03 - 2014-11-23 22:03 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Zdeněk Kudrnáč\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-23 22:03 - 2014-11-23 22:03 - 00000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-11-23 20:08 - 2014-11-23 20:08 - 00024448 _____ () C:\WINDOWS\SysWOW64\Drivers\rkhdrv40.sys
2014-11-23 19:54 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2014-11-23 19:54 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2014-11-23 19:51 - 2014-11-23 21:33 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-11-23 19:51 - 2014-11-23 19:51 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2014-11-23 19:32 - 2014-11-23 19:32 - 00003362 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2014-11-23 19:32 - 2014-11-23 19:32 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Enigma Software Group
2014-11-23 19:32 - 2014-11-23 19:32 - 00000000 ____D () C:\sh4ldr
2014-11-23 19:32 - 2014-11-23 19:32 - 00000000 _____ () C:\autoexec.bat
2014-11-23 19:31 - 2014-11-23 19:31 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-11-23 17:49 - 2014-11-23 17:49 - 361365305 _____ () C:\Users\Zdeněk Kudrnáč\Downloads\[Rildas]Sword Art Online II - 20.mkv
2014-11-23 13:37 - 2014-11-23 13:37 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-23 13:37 - 2014-11-23 13:37 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-23 13:37 - 2014-11-23 13:37 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Mozilla
2014-11-23 13:37 - 2014-11-23 13:37 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Local\Mozilla
2014-11-23 13:37 - 2014-11-23 13:37 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-23 13:37 - 2014-11-23 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-20 20:07 - 2014-11-20 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-11-20 20:01 - 2014-11-20 20:01 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Downloads\Speclean
2014-11-20 20:00 - 2014-11-20 20:00 - 00000000 ____D () C:\ProgramData\ESET
2014-11-20 20:00 - 2014-11-20 20:00 - 00000000 ____D () C:\Program Files\ESET
2014-11-20 19:29 - 2014-11-20 19:29 - 00000196 _____ () C:\Users\Zdenk Kudrn\Desktop\Metin2Mod_PL_20112014_3.exe
2014-11-20 19:24 - 2014-11-20 19:24 - 00000000 ____D () C:\Users\Zdenk Kudrn
2014-11-20 16:14 - 2014-11-20 16:14 - 00001087 _____ () C:\Users\Public\Desktop\Guild Wars 2.lnk
2014-11-20 16:14 - 2014-11-20 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
2014-11-19 20:45 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-11-19 14:56 - 2014-11-19 14:56 - 00000195 _____ () C:\Users\Host\Desktop\Bodysuits & One-Pieces Directory of Bodysuits, Rompers and more on Aliexpress.com.url
2014-11-19 14:56 - 2014-11-19 14:56 - 00000190 _____ () C:\Users\Host\Desktop\Outerwear & Coats Directory of Jackets & Coats, Vests and more on Aliexpress.com.url
2014-11-19 14:56 - 2014-11-19 14:56 - 00000188 _____ () C:\Users\Host\Desktop\Clothing Sets Directory of Baby Girls, Apparel & Accessories and more on Aliexpress.com.url
2014-11-19 14:56 - 2014-11-19 14:56 - 00000186 _____ () C:\Users\Host\Desktop\Accessories Directory of Gloves & Mittens, Receiving Blankets and more on Aliexpress.com.url
2014-11-18 17:48 - 2014-11-18 17:48 - 00000167 _____ () C:\Users\Host\Desktop\Shop newborn online - Buy newborn for unbeatable low prices on AliExpress.com - Page 18.url
2014-11-17 14:44 - 2014-11-17 15:04 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\RIFT
2014-11-17 14:44 - 2014-11-17 14:44 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Documents\RIFT
2014-11-16 16:33 - 2014-11-16 16:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-16 14:30 - 2014-11-16 14:31 - 01170432 _____ () C:\WINDOWS\SysWOW64\dvttrn.dll
2014-11-15 17:35 - 2014-11-17 21:18 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Desktop\Seitokai Yakuindomo 2
2014-11-15 11:43 - 2013-09-28 06:52 - 00225280 ____H () C:\Users\Zdeněk Kudrnáč\Desktop\Dark Souls Utilities.v11.suo
2014-11-15 11:19 - 2014-11-16 16:32 - 00000908 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-11-15 11:19 - 2014-11-15 11:19 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Documents\Nexus Mod Manager
2014-11-15 11:19 - 2014-11-15 11:19 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Local\Black_Tree_Gaming
2014-11-15 11:18 - 2014-11-15 11:19 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-11-14 18:58 - 2014-11-14 19:03 - 159300343 _____ () C:\Users\Zdeněk Kudrnáč\Downloads\[HorribleSubs] Persona 4 - The Golden Animation - 03 [480p].mkv
2014-11-14 18:56 - 2014-11-14 19:00 - 159339295 _____ () C:\Users\Zdeněk Kudrnáč\Downloads\[HorribleSubs] Persona 4 - The Golden Animation - 02 [480p].mkv
2014-11-14 15:09 - 2014-11-17 14:24 - 00836801 _____ () C:\Users\Zdeněk Kudrnáč\Desktop\Nový Microsoft PowerPoint Presentation.pptx
2014-11-13 15:30 - 2014-11-13 15:30 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Documents\FLiNGTrainer
2014-11-13 15:14 - 2014-11-13 15:14 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Documents\Vlastní šablony Office
2014-11-12 17:00 - 2014-11-12 17:00 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Local\Mirillis
2014-11-10 19:03 - 2014-11-10 19:03 - 00000000 ____D () C:\Program Files (x86)\FreeRapid-0.9u4
2014-11-03 17:43 - 2014-11-05 18:34 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Desktop\Persona 4 - Golden Animation
2014-11-03 17:40 - 2014-11-03 17:40 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\WinRAR
2014-11-03 17:39 - 2014-11-19 19:19 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-03 17:32 - 2014-01-28 19:28 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Desktop\Katekyo Hitman Reborn! 127-153
2014-11-03 16:33 - 2014-11-17 17:52 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Local\gtk-2.0
2014-11-03 16:27 - 2014-11-17 18:46 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\HexChat
2014-11-03 16:27 - 2014-11-03 16:27 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-03 16:26 - 2014-11-03 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2014-11-03 16:26 - 2014-11-03 16:26 - 00000000 ____D () C:\Program Files\HexChat
2014-11-03 16:23 - 2014-11-03 16:25 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\mIRC
2014-11-02 16:28 - 2014-11-02 16:28 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-11-02 16:28 - 2014-11-02 16:28 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-11-02 16:26 - 2014-11-02 16:26 - 00002074 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
2014-11-02 16:26 - 2014-11-02 16:26 - 00002062 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-11-02 16:26 - 2014-11-02 16:26 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Documents\Image-Line
2014-11-02 16:26 - 2014-11-02 16:26 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-11-02 16:26 - 2014-11-02 16:26 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Image-Line
2014-11-02 16:26 - 2014-11-02 16:26 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\FlowStone
2014-11-02 16:26 - 2014-11-02 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-11-02 16:26 - 2014-11-02 16:26 - 00000000 ____D () C:\Program Files\Image-Line
2014-11-02 16:26 - 2014-11-02 16:26 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-11-02 16:26 - 2014-11-02 16:26 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-11-02 16:26 - 2013-03-12 11:47 - 01431552 _____ (Propellerhead Software AB) C:\WINDOWS\SysWOW64\rewire.dll
2014-11-02 16:26 - 2009-09-15 10:14 - 01554944 _____ (HMS http://hp.vector.co.jp/authors/VA012897/) C:\WINDOWS\SysWOW64\vorbis.acm
2014-11-02 16:23 - 2014-11-02 16:26 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-10-28 11:06 - 2014-11-23 21:47 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Local\CrashDumps

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 17:38 - 2014-04-13 12:42 - 00464944 _____ () C:\WINDOWS\system32\prfh0804.dat
2014-11-24 17:38 - 2014-04-13 12:42 - 00147228 _____ () C:\WINDOWS\system32\prfc0804.dat
2014-11-24 17:38 - 2013-12-01 12:43 - 02548560 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-24 17:38 - 2013-11-26 16:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3215566112-2211355728-2427998824-1001
2014-11-24 17:38 - 2013-09-30 04:56 - 00800964 _____ () C:\WINDOWS\system32\perfh005.dat
2014-11-24 17:38 - 2013-09-30 04:56 - 00183494 _____ () C:\WINDOWS\system32\perfc005.dat
2014-11-24 17:36 - 2013-11-26 17:15 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Local\Adobe
2014-11-24 17:34 - 2014-09-26 15:02 - 00004994 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PERSOCOM-Zdeněk Kudrnáč Persocom
2014-11-24 17:34 - 2013-12-01 13:00 - 00000000 __RDO () C:\Users\Zdeněk Kudrnáč\SkyDrive
2014-11-24 17:33 - 2014-04-02 17:43 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf4e92abc5b674.job
2014-11-24 17:33 - 2013-12-01 12:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-24 17:33 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-24 17:32 - 2013-11-26 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-24 17:32 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-24 17:05 - 2014-06-25 15:50 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf9084c1314275.job
2014-11-24 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-24 12:47 - 2014-10-08 17:33 - 00000386 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForZdeněk Kudrnáč.job
2014-11-24 09:24 - 2013-12-18 09:03 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3215566112-2211355728-2427998824-1005
2014-11-23 22:29 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-11-23 21:47 - 2014-01-27 16:09 - 00000000 ___DC () C:\Users\Zdeněk Kudrnáč\AppData\Local\MigWiz
2014-11-23 21:46 - 2013-11-09 17:51 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Desktop\Já
2014-11-23 21:17 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-23 20:07 - 2012-11-14 15:54 - 00000000 ____D () C:\ProgramData\Temp
2014-11-23 19:32 - 2013-12-01 12:45 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč
2014-11-23 13:37 - 2014-09-26 14:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-20 19:57 - 2013-11-26 16:24 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-20 17:37 - 2014-02-23 15:42 - 00000000 ____D () C:\Users\Zden�k Kudrn��\Downloads\Gameforge Live
2014-11-20 16:14 - 2014-07-31 21:11 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-11-20 16:14 - 2014-07-31 21:10 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Guild Wars 2
2014-11-20 16:13 - 2013-04-01 14:55 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Documents\Guild Wars 2
2014-11-19 20:47 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-19 19:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-19 19:15 - 2013-12-04 18:10 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-11-19 19:15 - 2013-12-04 18:10 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-17 18:46 - 2014-01-10 18:08 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Aegisub
2014-11-17 17:51 - 2014-08-14 17:49 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Documents\ArcheAge
2014-11-17 12:32 - 2014-01-24 16:14 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Azureus
2014-11-16 22:35 - 2013-09-16 15:59 - 00000000 ____D () C:\Games
2014-11-16 17:25 - 2014-07-28 18:30 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Desktop\Sword Art Online II
2014-11-16 16:34 - 2014-09-14 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
2014-11-16 09:20 - 2013-11-26 16:12 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Local\Packages
2014-11-15 15:00 - 2014-06-25 15:50 - 00003950 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf9084c1314275
2014-11-15 15:00 - 2014-04-02 17:43 - 00003714 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1cf4e92abc5b674
2014-11-12 18:47 - 2014-10-08 17:33 - 00003218 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForZdeněk Kudrnáč
2014-11-12 17:00 - 2014-07-15 15:09 - 00000000 ____D () C:\Action!
2014-11-12 16:56 - 2013-11-28 17:13 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\VitySoft
2014-11-11 15:54 - 2014-10-12 14:27 - 00000000 ____D () C:\Program Files (x86)\QuadCoreM2
2014-11-10 19:07 - 2013-12-08 16:48 - 00001415 _____ () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\frd.lnk
2014-11-03 17:45 - 2014-08-08 17:40 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\Desktop\vpngate-client-2014.08.09-build-9473.130325
2014-11-03 16:16 - 2013-12-01 12:45 - 00000000 ____D () C:\Users\Host
2014-10-30 19:25 - 2013-12-02 17:18 - 00000000 ____D () C:\Users\Zdeněk Kudrnáč\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Host\AppData\Local\Temp\i4jdel0.exe
C:\Users\Zdeněk Kudrnáč\AppData\Local\Temp\7d8ac556f5820589e97845dccc785fbf.dll
C:\Users\Zdeněk Kudrnáč\AppData\Local\Temp\dsp_ipp.dll
C:\Users\Zdeněk Kudrnáč\AppData\Local\Temp\i4jdel0.exe
C:\Users\Zdeněk Kudrnáč\AppData\Local\Temp\m2tvwjze.dll
C:\Users\Zdeněk Kudrnáč\AppData\Local\Temp\mirc736.exe
C:\Users\Zdeněk Kudrnáč\AppData\Local\Temp\Quarantine.exe
C:\Users\Zdeněk Kudrnáč\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Zdeněk Kudrnáč\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-20 09:55




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS) (Fixed) (Total:1849.78 GB) (Free:1258.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.42 GB) (Free:1.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Available physical RAM: 5498.19 MB
Total physical RAM: 8130.14 MB
Percentage of memory in use: 32%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 1863 GB) (Disk ID: A69D0469)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 5EA6D18E)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=73)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cf4e92abc5b674.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cf9084c1314275.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForZdeněk Kudrnáč.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Zdeněk Kudrnáč\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Zdeněk Kudrnáč\SkyDrive.old:ms-properties

==================== Security Center ==================

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Zden�k Kudrn��\Desktop" je 355746 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Bezva již to nikde nevidím a co PC má ještě nějaký problém ?

Tak to jsem rád. Počítač už je jinak v pořádku. Děkuji za pomoc.

Není zač a