VIRY.CZ

Dobrý den,

prosím o preventivní kontrolu, log příkládám níže.

Děkuji


Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2015-07-13 14:39:25
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 139 GB (31%) free of 454 GB
Total RAM: 3978 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:39:30, on 13.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16659)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MiuiTab\cmdshell.exe
C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\rnamfler\naomf.exe
C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\program files (x86)\rnamfler\radprcmp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files (x86)\MiuiTab\HPNotify.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\Michal.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts ... 6E849B5978
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts ... 6E849B5978
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts ... 6E849B5978
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts ... 6E849B5978
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.istartsurf.com/web/?type=dsp ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.istartsurf.com/web/?type=dsp ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 137.56.127.10 vpn.uvt.nl ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [wrna3ls] C:\Program Files (x86)\rnamfler\naomf.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3709121103-697001368-1351868520-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3709121103-697001368-1351868520-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - Startup: Dropbox.lnk = Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {537675de-6231-4c94-a204-c14207cd8f6f} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{350719A6-CA5E-4B1C-B313-121017B2C3C7}: NameServer = 10.128.120.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FD75074-C9C3-414D-A68C-4F6CE983914B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{350719A6-CA5E-4B1C-B313-121017B2C3C7}: NameServer = 10.128.120.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{350719A6-CA5E-4B1C-B313-121017B2C3C7}: NameServer = 10.128.120.81
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\MiuiTab\ProtectService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files (x86)\rnamfler\naofsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 15311 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe"
C:\Windows\system32\WLANExt.exe 26562608
\??\C:\Windows\system32\conhost.exe "1237010481-315048472-323136692-3414815541442953255-59566931-18510043101845445310
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files (x86)\MiuiTab\ProtectService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\IProsetMonitor.exe
"C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe" runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w
"C:\Program Files (x86)\rnamfler\naofsvc.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.4/data"
\??\C:\Windows\system32\conhost.exe "-1919721608132596601690938793618955855712038600973-2038841122-1520009927-2078746417
C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "864" "-x3"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "840" "-x4"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkavlauncher" "864"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkcol" "840"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0610d4df-38f1-4745-9677-0c0c68e3f014 -SystemEventPortName:HostProcess-0235afbf-41d7-4027-ad3d-6fa168e3e40d -IoCancelEventPortName:HostProcess-642a177d-9c17-480f-ac64-700390bff1ae -NonStateChangingEventPortName:HostProcess-8aadf346-6539-48c4-b37a-03eb829b3c97 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b9571206-0bf7-43a6-99b9-f803e370a033 -DeviceGroupId:
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\MiuiTab\cmdshell.exe"
"C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
"C:\Program Files (x86)\rnamfler\naomf.exe"
"C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\program files (x86)\rnamfler\radprcmp.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="3212.0.359423402\1658958652" "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3212 "\\.\pipe\gecko-crash-server-pipe.3212" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe" --proxy-stub-channel=Flash6972.6307D9E8.8574 --host-broker-channel=Flash6972.6307D9E8.16553 --host-pid=6972 --host-npapi-version=28 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_203.exe" --channel=7048.001BF614.1924491070 --proxy-stub-channel=Flash6972.6307D9E8.8574 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll" --host-npapi-version=28 --type=renderer
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe" -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\Michal\AppData\Local\Hola\firefox\app\hola_plugin.exe" --no-root --no-kernel --workdir C:\Users\Michal\AppData\Local\Hola\firefox --firefox
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe"
C:\Windows\system32\igfxext.exe -Embedding
HPNotify.exe -run
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
taskeng.exe {8B928197-9C96-4136-AC72-973D331B5B44}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Michal\Documents\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DriverEasy Scheduled Scan.job - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe --scan
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job - C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job - C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job - C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job - C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForMichal.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForMichal (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.203 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.203 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.72.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\extensions\
fftoolbar2014@etech.com
jid1-4P0kohSJxU1qGg@jetpack
sweetsearch@gmail.com
{5384767E-00D9-40E9-B72F-9CC39D655D6F}
{dd3d7613-0246-469d-bc65-2a3cc1668adc}

C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\searchplugins\
delta-homes.xml
istartsurf.xml
mystartsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-14 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-14 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
LuckyTab Class - C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24 544952]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe [2012-03-14 15232]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-11-14 171504]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-11-14 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-11-14 442352]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2014-11-14 1703424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"=C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2011-03-24 107800]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"Dropbox Update"=C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 134512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2012-09-29 7173632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC]
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [2011-11-22 1327440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPConnectionManager]
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2012-06-12 184736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater]
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2015-06-30 21304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-03-14 319360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-03-09 2887440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray64.exe [2014-11-14 1703424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2012-02-01 1380128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-03-01 56088]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-07-02 5515496]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-03-07 335232]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-02-19 708496]
"wrna3ls"=C:\Program Files (x86)\rnamfler\naomf.exe [2006-04-01 1253448]

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-11-14 441856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-07-13 14:36:18 ----D---- C:\Program Files (x86)\LibreOffice 4
2015-07-07 12:55:53 ----D---- C:\Users\Michal\AppData\Roaming\DonationCoder
2015-07-07 12:55:53 ----A---- C:\Windows\SYSWOW64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-07-07 12:55:46 ----D---- C:\ProgramData\DonationCoder
2015-07-07 12:55:46 ----D---- C:\Program Files (x86)\ScreenshotCaptor
2015-07-07 12:46:40 ----A---- C:\Users\Michal\AppData\Roaming\CamShapes.ini
2015-07-07 12:46:40 ----A---- C:\Users\Michal\AppData\Roaming\CamLayout.ini
2015-07-07 12:46:40 ----A---- C:\Users\Michal\AppData\Roaming\Camdata.ini
2015-07-07 12:40:04 ----D---- C:\Users\Michal\AppData\Roaming\OBS
2015-07-07 12:39:56 ----D---- C:\Program Files\OBS
2015-07-07 12:39:55 ----D---- C:\Program Files (x86)\OBS
2015-07-07 10:27:09 ----D---- C:\Program Files\CamStudio 2.7
2015-07-07 10:25:56 ----D---- C:\Users\Michal\AppData\Roaming\Nico Mak Computing
2015-07-07 10:25:20 ----A---- C:\Windows\system32\roboot64.exe
2015-07-07 10:25:17 ----D---- C:\Program Files (x86)\WinZip Registry Optimizer
2015-07-04 22:26:19 ----D---- C:\Program Files (x86)\SopCast
2015-07-01 18:01:25 ----A---- C:\Windows\system32\aswBoot.exe
2015-07-01 18:01:12 ----A---- C:\Windows\avastSS.scr
2015-06-28 18:57:37 ----SHD---- C:\found.000
2015-06-24 07:02:52 ----A---- C:\Windows\SYSWOW64\vccorlib110.dll
2015-06-24 07:02:52 ----A---- C:\Windows\SYSWOW64\msvcr110.dll
2015-06-24 07:02:52 ----A---- C:\Windows\SYSWOW64\msvcp110.dll
2015-06-19 11:12:02 ----D---- C:\ProgramData\Dropbox

======List of files/folders modified in the last 1 month======

2015-07-13 14:39:29 ----D---- C:\Program Files\trend micro
2015-07-13 14:39:19 ----D---- C:\Windows\winsxs
2015-07-13 14:39:14 ----SHD---- C:\Windows\Installer
2015-07-13 14:39:14 ----SHD---- C:\Config.Msi
2015-07-13 14:39:13 ----RSD---- C:\Windows\assembly
2015-07-13 14:38:31 ----D---- C:\Windows\SysWOW64
2015-07-13 14:37:28 ----RSD---- C:\Windows\Fonts
2015-07-13 14:36:46 ----D---- C:\Windows\Temp
2015-07-13 14:36:18 ----RD---- C:\Program Files (x86)
2015-07-13 14:35:32 ----SHD---- C:\System Volume Information
2015-07-13 14:26:00 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2015-07-13 14:24:24 ----D---- C:\Users\Michal\AppData\Roaming\Dropbox
2015-07-13 14:23:50 ----D---- C:\Windows\SYSWOW64\drivers
2015-07-13 14:23:43 ----D---- C:\Windows
2015-07-13 14:22:32 ----D---- C:\Windows\Prefetch
2015-07-13 14:21:33 ----D---- C:\Windows\system32\config
2015-07-13 14:18:43 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2015-07-13 14:13:10 ----D---- C:\Windows\Microsoft.NET
2015-07-13 14:12:57 ----D---- C:\ProgramData\Microsoft Help
2015-07-13 14:11:51 ----SD---- C:\ProgramData\Microsoft
2015-07-13 14:11:51 ----D---- C:\Program Files\Microsoft Office
2015-07-13 14:11:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-07-13 14:11:51 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-07-13 14:11:51 ----D---- C:\Program Files
2015-07-13 14:10:10 ----D---- C:\Windows\ShellNew
2015-07-13 14:10:07 ----D---- C:\Program Files (x86)\MSBuild
2015-07-13 14:10:03 ----D---- C:\Windows\System32
2015-07-13 14:10:03 ----D---- C:\Program Files\Common Files
2015-07-13 14:07:31 ----D---- C:\Program Files\Common Files\System
2015-07-13 14:07:29 ----A---- C:\Windows\win.ini
2015-07-13 13:58:17 ----D---- C:\Program Files (x86)\Pinnacle
2015-07-13 13:58:12 ----HD---- C:\ProgramData
2015-07-13 13:57:17 ----D---- C:\Program Files (x86)\Common Files
2015-07-13 13:49:11 ----D---- C:\Windows\system32\Tasks
2015-07-13 13:49:10 ----D---- C:\Windows\Tasks
2015-07-13 08:03:38 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2015-07-13 05:55:42 ----D---- C:\Program Files (x86)\WinZipper
2015-07-09 17:47:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-08 20:41:45 ----D---- C:\Users\Michal\AppData\Roaming\Audacity
2015-07-07 10:26:53 ----D---- C:\Program Files (x86)\MiuiTab
2015-07-04 22:05:25 ----D---- C:\Windows\system32\drivers
2015-07-04 22:04:23 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 22:04:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-06-30 18:34:54 ----D---- C:\Windows\system32\drivers\etc
2015-06-29 23:24:04 ----D---- C:\ProgramData\Skype
2015-06-23 13:30:20 ----N---- C:\Windows\system32\MpSigStub.exe
2015-06-14 12:47:44 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-07-01 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-07-01 272248]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2014-11-14 31040]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2012-02-02 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2012-03-08 58000]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-07-01 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-07-01 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-07-02 442264]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-03-03 283064]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-01-01 26528]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-07-01 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-07-01 89944]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-07-01 137288]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2014-11-14 43328]
R3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2012-09-29 22592]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2014-11-14 4749008]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2014-05-02 495376]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-11-14 5343584]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-11-14 454416]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-11-14 792560]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2015-02-12 129312]
R3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2014-11-14 1522976]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2014-11-14 551936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-03-09 425232]
R3 TotRec8;Total Recorder WDM audio filter driver; \??\C:\Windows\system32\drivers\TotRec8.sys [2014-04-30 126152]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\drivers\usbfilter.sys [2011-12-13 56448]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 chtqeqec;chtqeqec; \??\C:\Windows\system32\drivers\chtqeqec.sys []
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-02-19 112496]
S3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\drivers\amdhub30.sys [2012-01-04 103552]
S3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\amdxhc.sys [2012-01-04 220288]
S3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2014-11-14 172760]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-02 184360]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-02-02 211496]
S3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-02 21544]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 esgiguard;esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2014-11-14 176880]
S3 johci;JMicron 1394 Filter Driver; C:\Windows\system32\DRIVERS\johci.sys [2014-11-14 26208]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-07-27 180224]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2014-05-17 42184]
S3 tapse01;SurfEasy TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tapse01.sys [2014-12-02 39096]
S3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2014-08-12 38656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2015-02-19 52592]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-07-01 343336]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-02-01 945440]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-03-27 493904]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2012-02-26 626960]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2015-05-19 99128]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-03-14 365440]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2014-11-14 33600]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
R2 IHProtect Service;IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [2015-06-24 125112]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2014-09-23 261896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-04-03 154584]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-04-03 398296]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w []
R2 RdnaoFlSvc;RdnaoFlSvc; C:\Program Files (x86)\rnamfler\naofsvc.exe [2006-04-01 55296]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2012-02-26 148752]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2014-11-14 340480]
R2 uArcCapture;ArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-03-20 2694224]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-02-19 562576]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09 268976]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-11-14 277488]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 116648]
S3 hpCMSrv;HP Connection Manager 4 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-06-12 1421728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-07-01 148136]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]

-----------------EOF-----------------

Zdravim

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

# AdwCleaner v4.208 - Log vytvořen 14/07/2015 v 13:13:23
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-11.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Michal - MICHAL-PC
# Spuštěno z : C:\Users\Michal\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : IHProtect Service
[#] Služba Smazáno : winzipersvc

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\WindowsMangerProtect
Složka Smazáno : C:\ProgramData\Fighters
Složka Smazáno : C:\ProgramData\IHProtectUpDate
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Applian Technologies
Složka Smazáno : C:\Program Files (x86)\rnamfler
Složka Smazáno : C:\Program Files (x86)\WinZip Registry Optimizer
Složka Smazáno : C:\Program Files (x86)\WinZipper
Složka Smazáno : C:\Program Files (x86)\XTab
Složka Smazáno : C:\Program Files (x86)\Applian Technologies
Složka Smazáno : C:\Program Files (x86)\miuitab
Složka Smazáno : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
Složka Smazáno : C:\Program Files\Hola
Složka Smazáno : C:\Users\Michal\AppData\Local\Hola
Složka Smazáno : C:\Users\Michal\AppData\Roaming\WinZipper
Složka Smazáno : C:\Users\Michal\AppData\Roaming\Fighters
Složka Smazáno : C:\Users\Michal\AppData\Roaming\ProgSense
Složka Smazáno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\fftoolbar2014@etech.com
Složka Smazáno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\sweetsearch@gmail.com
Soubor Smazáno : C:\END
Soubor Smazáno : C:\Windows\System32\log\iSafeKrnlCall.log
Soubor Smazáno : C:\Windows\System32\roboot64.exe
Soubor Smazáno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\invalidprefs.js
Soubor Smazáno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\searchplugins\delta-homes.xml
Soubor Smazáno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\searchplugins\istartsurf.xml
Soubor Smazáno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\searchplugins\mystartsearch.xml
Soubor Smazáno : C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\user.js
Soubor Smazáno : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.v9.com_0.localstorage
Soubor Smazáno : C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.v9.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****

Úloha Smazáno : BrowserProtect
Úloha Smazáno : DriverEasy Scheduled Scan
Úloha Smazáno : SomotoUpdateCheckerAutoStart

***** [ Zástupci ] *****


***** [ Registry ] *****

Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchengine@gmail.com]
Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [istart_ffnt@gmail.com]
Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com]
Hodnota Smazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com]
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [wrna3ls]
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Klíč Smazáno : HKCU\Software\Mozilla\Extends
Klíč Smazáno : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Klíč Smazáno : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Klíč Smazáno : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Klíč Smazáno : HKLM\SOFTWARE\Classes\SDP
Klíč Smazáno : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.001
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.7z
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.arj
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.bz2
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.bzip2
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.cab
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.cpio
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.deb
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.dmg
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.fat
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.gz
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.gzip
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.hfs
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.iso
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.lha
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.lzh
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.lzma
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.ntfs
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.rar
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.rpm
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.squashfs
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.swm
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.tar
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.taz
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.tbz
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.tbz2
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.tgz
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.tpz
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.txz
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.vhd
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.wim
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.xar
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.xz
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.z
Klíč Smazáno : HKLM\SOFTWARE\Classes\WinZipper.zip
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428A-92C9-0CFC28B9D1BF}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Klíč Smazáno : HKCU\Software\APN PIP
Klíč Smazáno : HKCU\Software\simplytech
Klíč Smazáno : HKCU\Software\Somoto
Klíč Smazáno : HKCU\Software\V9
Klíč Smazáno : HKCU\Software\TNT2
Klíč Smazáno : HKCU\Software\Fighters
Klíč Smazáno : HKCU\Software\ProgSense
Klíč Smazáno : HKCU\Software\AceStream
Klíč Smazáno : HKCU\Software\PRODUCTSETUP
Klíč Smazáno : HKCU\Software\AppDataLow\Software\adawarebp
Klíč Smazáno : HKLM\SOFTWARE\delta-homesSoftware
Klíč Smazáno : HKLM\SOFTWARE\hdcode
Klíč Smazáno : HKLM\SOFTWARE\istartsurfSoftware
Klíč Smazáno : HKLM\SOFTWARE\PIP
Klíč Smazáno : HKLM\SOFTWARE\SupDp
Klíč Smazáno : HKLM\SOFTWARE\SupTab
Klíč Smazáno : HKLM\SOFTWARE\V9
Klíč Smazáno : HKLM\SOFTWARE\winzipersvc
Klíč Smazáno : HKLM\SOFTWARE\mystartsearchSoftware
Klíč Smazáno : HKLM\SOFTWARE\IHProtect
Klíč Smazáno : HKLM\SOFTWARE\FFPluginHp
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Klíč Smazáno : [x64] HKLM\SOFTWARE\Speedchecker Limited

***** [ Prohlížeče ] *****

-\\ Internet Explorer v9.0.8112.16659

Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v39.0 (x86 cs)

[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.defaultenginename", "istartsurf");
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.hiddenOneOffs", "DuckDuckGo,Heuréka,Slunečnice,mystartsearch");
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.alias", "istartsurf");
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.name", "istartsurf");
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=14 ... earchTerms}");
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.selectedEngine", "istartsurf");
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("extensions.istart_ffnt@gmail.com.install-event-fired", true);
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("extensions.quick_start.enable_search1", false);
[5j1q229b.default\prefs.js] - Řádek Smazáno : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v43.0.2357.132

[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www.v9.com/web?type=ds&ts=1433835434&fr ... earchTerms}
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Homepage] :
[C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : AB0F5DE03A08A5554B03A1961CB88C91C52FDD60467C65D1DB878F0EFFDB3332"},"software_reporter":{"prompt_reason":"D9E4E60C09A3F806EDADFD4AA6FF69EB7116600DB3E319F0D4504BC15F90D39E","prompt_seed":"BBE970270B91D12C722459E865850659A11C00E40E77408858A078916C2976C7","prompt_version":"59F57405660A2B4BB040374C8D380DEE6940A71E918C6F4ED07C86615F901BBB"},"sync":{"remaining_rollback_tries":"B1B51611A679F125AC946E49D750EA65D270942EE1E12143598FA7A540CB8F3C"}},"super_mac":"33E6ABFE828D6876E857CF93C455CFED28CC5DA44A3989AD6DC9A0DCA02D8DF3"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.v9.com?type=hp&ts=1433835434&from=m ... 4c2w9z8c5m

*************************

AdwCleaner[R0].txt - [2570 bytů] - [09/11/2013 01:10:16]
AdwCleaner[R1].txt - [21692 bytů] - [14/07/2015 13:07:33]
AdwCleaner[S0].txt - [2425 bytů] - [09/11/2013 01:11:28]
AdwCleaner[S1].txt - [13645 bytů] - [14/07/2015 13:13:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13704 bytů] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14.7.2015
Čas skenování: 13:26
Protokol: mal.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.14.02
Databáze rootkitů: v2015.07.10.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Michal

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 640465
Uplynulý čas: 3 hod, 0 min, 46 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 5
PUP.Optional.V9.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, , [8c1e479a5e2cbe78f4c39deba361639d],
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, , [7535657c3654be78764153359e66df21],
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, , [66448b567b0f3afc0caba0e8877d728e],
PUP.Optional.V9.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1000\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, , [8822cb169feb62d4595e53356c9841bf],
PUP.Optional.V9.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428A-92C9-0CFC28B9D1BF}, , [c5e5b62b5733ae883087a7e1ea1a41bf],

Hodnoty registru: 11
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si= ... 63529&q=%s, , [5555f1f01b6f1521b7a276bc3ac9857b]
PUP.Optional.V9.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, http://www.v9.com/web?type=ds&ts=143383 ... earchTerms}, , [8c1e479a5e2cbe78f4c39deba361639d]
PUP.Optional.V9.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|FaviconURL, http://www.v9.com/favicon.ico?t=1, , [c0eaa1405238c571b9fe7a0e2ed637c9]
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, http://www.v9.com/web?type=ds&ts=143383 ... earchTerms}, , [7535657c3654be78764153359e66df21]
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|FaviconURL, http://www.v9.com/favicon.ico?t=1, , [f3b7924f7416c274684f16727e86b848]
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, http://www.v9.com/web?type=ds&ts=143383 ... earchTerms}, , [66448b567b0f3afc0caba0e8877d728e]
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|FaviconURL, http://www.v9.com/favicon.ico?t=1, , [f2b84c957218bb7ba512bfc954b0f30d]
PUP.Optional.V9.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1000\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, http://www.v9.com/web?type=ds&ts=143383 ... earchTerms}, , [8822cb169feb62d4595e53356c9841bf]
PUP.Optional.V9.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1000\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|FaviconURL, http://www.v9.com/favicon.ico?t=1, , [e8c25e83622870c6793e4b3d0ff5768a]
PUP.Optional.V9.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|URL, http://www.v9.com/web?type=ds&ts=143383 ... earchTerms}, , [c5e5b62b5733ae883087a7e1ea1a41bf]
PUP.Optional.V9.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{425ED333-6083-428a-92C9-0CFC28B9D1BF}|FaviconURL, http://www.v9.com/favicon.ico?t=1, , [d5d5c120c5c5cd693087226691731ae6]

Data registru: 8
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Dobré: (www.google.com), Špatné: (%appdata%\SimplyTech\home\home.htm),,[d8d2da077d0df640397311130df84db3]
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m, Dobré: (www.google.com), Špatné: (http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m),,[5258d60bb0da9c9a8c5f66be34d15ea2]
PUP.Optional.V9.A, HKU\S-1-5-19\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m, Dobré: (www.google.com), Špatné: (http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m),,[8822de03a0ea62d4cd1e8a9af0158e72]
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m, Dobré: (www.google.com), Špatné: (http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m),,[b7f3845d147642f4915a30f4a065a45c]
PUP.Optional.V9.A, HKU\S-1-5-20\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m, Dobré: (www.google.com), Špatné: (http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m),,[a8024998bbcfc96df8f35aca689d827e]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), http://search.certified-toolbar.com?si= ... 63529&q=%s, Dobré: (www.google.com), Špatné: (http://search.certified-toolbar.com?si= ... 63529&q=%s),,[62484b96d0baac8a42eeed42cc3941bf]
PUP.Optional.V9.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m, Dobré: (www.google.com), Špatné: (http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m),,[3c6ea63bbdcd6ec8feed31f307fe2bd5]
PUP.Optional.V9.A, HKU\S-1-5-21-3709121103-697001368-1351868520-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m, Dobré: (www.google.com), Špatné: (http://www.v9.com?type=hp&ts=1433835434 ... 4c2w9z8c5m),,[8624a839e6a49b9b707ba57ff1140df3]

Složky: 4
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\net_search, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.BrowserUpdater.A, C:\Windows\System32\Tasks\Browser Updater, , [dcce568b2d5d4fe7fbdda453fd05728e],

Soubory: 49
PUP.Optional.Browserwatch, C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchCH.dll.vir, , [3d6d2bb6bdcddd59072192860ef754ac],
PUP.Optional.Browserwatch, C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchFF.dll.vir, , [5f4b32af4e3c83b3101867b153b2ab55],
PUP.Optional.SearchProtect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowserAction.dll.vir, , [377335ac2961c472b5869cef9c650ff1],
PUP.Optional.XTab.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ProtectService.exe.vir, , [5555bb266e1c86b00c42e37849b8a35d],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\uninst.exe, , [ddcda1404e3c2e0827668b282bd6fe02],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\update.exe, , [b8f227baa0ead660bad3268dc63b38c8],
PUP.Optional.SkyTech.A, C:\Users\Michal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQ14FWCQ\1[1].zip, , [cfdb3ba695f540f6aeff5ef5fc05916f],
PUP.Optional.IStartSurf.A, C:\Users\Michal\AppData\Local\Temp\is386526232\2C2C9FB5_stp\June3_3899_cornl_istartsurf.exe, , [f2b813ce8208b086d948015ffb0af10f],
PUP.Optional.Somoto, C:\Users\Michal\Documents\Downloads\Easy_ScreenShot_Recording.exe, , [6e3c449dcebcb2848a78470d85809c64],
PUP.Optional.InstallCore.SID.C, C:\Users\Michal\Documents\Downloads\CamStudio_Setup_2-7_r316.exe, , [baf036ab335792a45ce2f36fd431916f],
PUP.Optional.APNToolBar.A, C:\Users\Michal\Documents\Downloads\SopCast.zip, , [9b0f49982e5c7cbaf50106a0b34e956b],
PUP.Optional.APNToolBar.A, C:\Users\Michal\Documents\Downloads\bordel\Setup-SopCast-3.9.6-2014-12-12.exe, , [5b4f726fa8e28aac24d2f0b60af714ec],
PUP.Optional.APNToolBar.A, C:\Users\Michal\Documents\Downloads\bordel\SopCast.zip, , [0d9d7b6617737cba45b13e68c23f4eb2],
PUP.Optional.OpenCandy, C:\Users\Michal\Documents\Downloads\bordel\DTLite4491-0356.exe, , [dcce5c8531592c0aa822dd774cb99c64],
PUP.Optional.APNToolBar.A, C:\Users\Michal\Documents\Downloads\SopCast\Setup-SopCast-3.9.6-2014-12-12.exe, , [00aa68799befb482629406a03ac7e41c],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\config.ini, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\everything.dll, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\everything.exe, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\helper.dll, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\Patch.dll, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\SearchBase.db, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\SearchBase.exe, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\SearchHand.dll, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\SFKEX.dll, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\SFKEX.exe, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\SFKEX64.dll, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\SFKEX64.exe, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\net_search\bing.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\net_search\google.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\net_search\search_config.ini, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\net_search\SFK.ini, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\net_search\SFKEX.ini, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\net_search\yahoo.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\bing.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\caret.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\FileListItem.xml, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\FileListItem_bing.xml, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\FileListItem_google.xml, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\frame.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\frame2.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\google.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\guide.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\icon_search.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\mainpanel.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\MainPannel.xml, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\panel_base.xml, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\search_content_list.png, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\WndMask.xml, , [9a107968ec9e2e08c918669b1ee550b0],
PUP.Optional.Everything.A, C:\Users\Michal\AppData\Everything\skin\yahoo.png, , [9a107968ec9e2e08c918669b1ee550b0],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Vsechny nalezy nechte odstranit. Po odstraneni a restartu pc test zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14.7.2015
Čas skenování: 20:16
Protokol: mal2.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.14.05
Databáze rootkitů: v2015.07.14.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Michal

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 645785
Uplynulý čas: 3 hod, 52 min, 4 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

MBAM odinstalujte.

Dejte novy log z RSIT

a k tomu

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2015-07-15 10:07:45
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 136 GB (30%) free of 454 GB
Total RAM: 3978 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:07:48, on 15.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16659)
Boot mode: Normal

Running processes:
C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
C:\Program Files\trend micro\Michal.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 137.56.127.10 vpn.uvt.nl ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Octoshape Streaming Services] "C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun (User '?')
O4 - HKUS\S-1-5-21-3709121103-697001368-1351868520-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3709121103-697001368-1351868520-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - HKUS\S-1-5-21-3709121103-697001368-1351868520-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3709121103-697001368-1351868520-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Dropbox.lnk = Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
O4 - Startup: Dropbox.lnk = Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {537675de-6231-4c94-a204-c14207cd8f6f} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{350719A6-CA5E-4B1C-B313-121017B2C3C7}: NameServer = 10.128.120.81
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FD75074-C9C3-414D-A68C-4F6CE983914B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{350719A6-CA5E-4B1C-B313-121017B2C3C7}: NameServer = 10.128.120.81
O17 - HKLM\System\CS2\Services\Tcpip\..\{350719A6-CA5E-4B1C-B313-121017B2C3C7}: NameServer = 10.128.120.81
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files (x86)\rnamfler\naofsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 13837 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 29847248
\??\C:\Windows\system32\conhost.exe "171810672-976729630-1875267355116687441800879341-947458313-20871302311775454053
"C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe"
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\IProsetMonitor.exe
"C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe" runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.4/data"
\??\C:\Windows\system32\conhost.exe "1061205685543033894355823941-473432382-1776345967-1323592364-336054432-510792361
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "840" "-x3"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkboot" "864" "-x4"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkavlauncher" "840"
"C:/Program Files (x86)/PostgreSQL/8.4/bin/postgres.exe" "--forkcol" "868"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1c8f72be-bf86-42cf-9645-a5b462214f74 -SystemEventPortName:HostProcess-b1931d7b-7a1d-4ba2-b218-b90164664b3b -IoCancelEventPortName:HostProcess-99744c1d-82ab-4c42-bda1-bf507efb6f84 -NonStateChangingEventPortName:HostProcess-65426e7e-6040-4094-bccf-35bfa627664b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ce7156f6-5e00-4d0b-8f71-2923f4f67b42 -DeviceGroupId:
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe" -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe"
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe"
"taskhost.exe"
"C:\Windows\system32\notepad.exe"
"C:\Windows\system32\notepad.exe"
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
"C:\Users\Michal\AppData\Local\Hola\firefox\app\hola_plugin.exe" --no-root --no-kernel --workdir C:\Users\Michal\AppData\Local\Hola\firefox --firefox
"C:\Program Files (x86)\LibreOffice 4\program\\swriter.exe" -o "C:\Users\Michal\Documents\bordel\žužu.docx"
"C:\Program Files (x86)\LibreOffice 4\program\\swriter.exe" -o "C:\Users\Michal\Documents\bordel\žužu.docx" --writer
"C:\Program Files (x86)\LibreOffice 4\program\\swriter.exe" "-o" "C:\Users\Michal\Documents\bordel\žužu.docx" "--writer" "-env:OOO_CWD=2C:\\Users\\Michal\\Documents\\bordel"
taskeng.exe {A47683BB-5921-4C91-A8FA-0DE8078B7DBE}

"C:\Program Files (x86)\CCleaner\CCleaner64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Michal\Documents\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job - C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job - C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job - C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job - C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForMichal.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForMichal (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.203 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.40.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.203 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.72.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\extensions\
jid1-4P0kohSJxU1qGg@jetpack
{5384767E-00D9-40E9-B72F-9CC39D655D6F}
{dd3d7613-0246-469d-bc65-2a3cc1668adc}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-14 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-14 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe [2012-03-14 15232]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-11-14 171504]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-11-14 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-11-14 442352]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2014-11-14 1703424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"=C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2011-03-24 107800]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"Dropbox Update"=C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 134512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [2012-09-29 7173632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC]
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [2011-11-22 1327440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPConnectionManager]
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2012-06-12 184736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater]
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2015-06-30 21304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-03-14 319360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-03-09 2887440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray64.exe [2014-11-14 1703424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-12-09 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2012-02-01 1380128]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-03-01 56088]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-07-02 5515496]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-03-07 335232]
"Cisco AnyConnect Secure Mobility Agent for Windows"=C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2015-02-19 708496]

C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-11-14 441856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-07-14 13:24:44 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-13 14:42:27 ----D---- C:\Users\Michal\AppData\Roaming\LibreOffice
2015-07-13 14:36:18 ----D---- C:\Program Files (x86)\LibreOffice 4
2015-07-07 12:55:53 ----D---- C:\Users\Michal\AppData\Roaming\DonationCoder
2015-07-07 12:55:53 ----A---- C:\Windows\SYSWOW64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-07-07 12:55:46 ----D---- C:\ProgramData\DonationCoder
2015-07-07 12:55:46 ----D---- C:\Program Files (x86)\ScreenshotCaptor
2015-07-07 12:46:40 ----A---- C:\Users\Michal\AppData\Roaming\CamShapes.ini
2015-07-07 12:46:40 ----A---- C:\Users\Michal\AppData\Roaming\CamLayout.ini
2015-07-07 12:46:40 ----A---- C:\Users\Michal\AppData\Roaming\Camdata.ini
2015-07-07 12:40:04 ----D---- C:\Users\Michal\AppData\Roaming\OBS
2015-07-07 12:39:56 ----D---- C:\Program Files\OBS
2015-07-07 12:39:55 ----D---- C:\Program Files (x86)\OBS
2015-07-07 10:27:09 ----D---- C:\Program Files\CamStudio 2.7
2015-07-07 10:25:56 ----D---- C:\Users\Michal\AppData\Roaming\Nico Mak Computing
2015-07-04 22:26:19 ----D---- C:\Program Files (x86)\SopCast
2015-07-01 18:01:25 ----A---- C:\Windows\system32\aswBoot.exe
2015-07-01 18:01:12 ----A---- C:\Windows\avastSS.scr
2015-06-28 18:57:37 ----SHD---- C:\found.000
2015-06-24 07:02:52 ----A---- C:\Windows\SYSWOW64\vccorlib110.dll
2015-06-24 07:02:52 ----A---- C:\Windows\SYSWOW64\msvcr110.dll
2015-06-24 07:02:52 ----A---- C:\Windows\SYSWOW64\msvcp110.dll
2015-06-19 11:12:02 ----D---- C:\ProgramData\Dropbox

======List of files/folders modified in the last 1 month======

2015-07-15 10:07:47 ----D---- C:\Windows\Temp
2015-07-15 10:07:47 ----D---- C:\Program Files\trend micro
2015-07-15 10:07:01 ----D---- C:\Windows\system32\drivers
2015-07-15 10:06:37 ----D---- C:\Users\Michal\AppData\Roaming\uTorrent
2015-07-14 23:34:42 ----D---- C:\Users\Michal\AppData\Roaming\Skype
2015-07-14 20:25:55 ----D---- C:\Windows\system32\config
2015-07-14 20:11:47 ----D---- C:\Users\Michal\AppData\Roaming\Dropbox
2015-07-14 20:05:34 ----D---- C:\Windows\system32\Tasks
2015-07-14 13:24:44 ----RD---- C:\Program Files (x86)
2015-07-14 13:24:44 ----D---- C:\ProgramData\Malwarebytes
2015-07-14 13:14:36 ----D---- C:\AdwCleaner
2015-07-14 13:14:17 ----D---- C:\Windows\Tasks
2015-07-14 13:14:15 ----D---- C:\Windows\system32\log
2015-07-14 13:14:15 ----D---- C:\Windows\System32
2015-07-14 13:13:32 ----D---- C:\Program Files
2015-07-14 13:13:27 ----HD---- C:\ProgramData
2015-07-14 08:47:47 ----SHD---- C:\System Volume Information
2015-07-13 17:00:48 ----D---- C:\Windows\Microsoft.NET
2015-07-13 17:00:47 ----RSD---- C:\Windows\assembly
2015-07-13 14:39:19 ----D---- C:\Windows\winsxs
2015-07-13 14:39:14 ----SHD---- C:\Windows\Installer
2015-07-13 14:39:14 ----SHD---- C:\Config.Msi
2015-07-13 14:38:31 ----D---- C:\Windows\SysWOW64
2015-07-13 14:37:28 ----RSD---- C:\Windows\Fonts
2015-07-13 14:26:00 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2015-07-13 14:23:50 ----D---- C:\Windows\SYSWOW64\drivers
2015-07-13 14:23:43 ----D---- C:\Windows
2015-07-13 14:22:32 ----D---- C:\Windows\Prefetch
2015-07-13 14:12:57 ----D---- C:\ProgramData\Microsoft Help
2015-07-13 14:11:51 ----SD---- C:\ProgramData\Microsoft
2015-07-13 14:11:51 ----D---- C:\Program Files\Microsoft Office
2015-07-13 14:11:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-07-13 14:11:51 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-07-13 14:10:10 ----D---- C:\Windows\ShellNew
2015-07-13 14:10:07 ----D---- C:\Program Files (x86)\MSBuild
2015-07-13 14:10:03 ----D---- C:\Program Files\Common Files
2015-07-13 14:07:31 ----D---- C:\Program Files\Common Files\System
2015-07-13 14:07:29 ----A---- C:\Windows\win.ini
2015-07-13 13:58:17 ----D---- C:\Program Files (x86)\Pinnacle
2015-07-13 13:57:17 ----D---- C:\Program Files (x86)\Common Files
2015-07-09 17:47:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-08 20:41:45 ----D---- C:\Users\Michal\AppData\Roaming\Audacity
2015-07-04 22:04:23 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-04 22:04:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-06-30 18:34:54 ----D---- C:\Windows\system32\drivers\etc
2015-06-29 23:24:04 ----D---- C:\ProgramData\Skype
2015-06-23 13:30:20 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-07-01 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-07-01 272248]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2014-11-14 31040]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2012-02-02 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2012-03-08 58000]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-07-01 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-07-01 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-07-02 442264]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-03-03 283064]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2015-01-01 26528]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-07-01 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-07-01 89944]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-07-01 137288]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2014-11-14 43328]
R3 AMPPAL;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
R3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2012-09-29 22592]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2014-11-14 4749008]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2014-05-02 495376]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-11-14 5343584]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-11-14 454416]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-11-14 792560]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2014-11-14 176880]
R3 johci;JMicron 1394 Filter Driver; C:\Windows\system32\DRIVERS\johci.sys [2014-11-14 26208]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2015-02-12 129312]
R3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2014-11-14 1522976]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2014-11-14 551936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-03-09 425232]
R3 TotRec8;Total Recorder WDM audio filter driver; \??\C:\Windows\system32\drivers\TotRec8.sys [2014-04-30 126152]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\drivers\usbfilter.sys [2011-12-13 56448]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 chtqeqec;chtqeqec; \??\C:\Windows\system32\drivers\chtqeqec.sys []
S3 acsock;acsock; C:\Windows\system32\DRIVERS\acsock64.sys [2015-02-19 112496]
S3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\drivers\amdhub30.sys [2012-01-04 103552]
S3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\amdxhc.sys [2012-01-04 220288]
S3 AMPPALP;Protokol Intel® Centrino® Wireless Bluetooth® + High Speed; C:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2014-11-14 172760]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-02 184360]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-02-02 211496]
S3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-02 21544]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 esgiguard;esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-07-27 78848]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-07-27 180224]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2014-05-17 42184]
S3 tapse01;SurfEasy TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tapse01.sys [2014-12-02 39096]
S3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2014-08-12 38656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vpnva;Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64; C:\Windows\system32\DRIVERS\vpnva64-6.sys [2015-02-19 52592]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-07-01 343336]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2012-02-01 945440]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-03-27 493904]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2012-02-26 626960]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2015-05-19 99128]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-03-14 365440]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2014-11-14 33600]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-03-01 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2014-09-23 261896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-04-03 154584]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-04-03 398296]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4; C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w []
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2012-02-26 148752]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2014-11-14 340480]
R2 uArcCapture;ArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-03-20 2694224]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2015-02-19 562576]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 116648]
S2 RdnaoFlSvc;RdnaoFlSvc; C:\Program Files (x86)\rnamfler\naofsvc.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09 268976]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-11-14 277488]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 116648]
S3 hpCMSrv;HP Connection Manager 4 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-06-12 1421728]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-07-01 148136]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]

-----------------EOF-----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Michal (administrator) on MICHAL-PC on 15-07-2015 10:21:07
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal & postgres & (Available Profiles: Michal & postgres)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Octoshape ApS) C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Hola Networks Ltd.) C:\Users\Michal\AppData\Local\Hola\firefox\app\hola_plugin.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-11-14] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-02-19] (Cisco Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Run: [Dropbox Update] => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\MountPoints2: G - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\MountPoints2: {6e67a960-e9a3-11e2-a9b0-a0b3cc26c927} - I:\SETUP.EXE
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\MountPoints2: {8b0301a5-82cc-11e3-b5da-e006e6af0fab} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\MountPoints2: {cf8614ec-8daf-11e2-8ec9-a0b3cc26c927} - G:\SETUP.EXE
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Octoshape Streaming Services] => C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6e67a960-e9a3-11e2-a9b0-a0b3cc26c927} - I:\SETUP.EXE
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {8b0301a5-82cc-11e3-b5da-e006e6af0fab} - G:\_AUTORUN\AUTORUN.EXE
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {cf8614ec-8daf-11e2-8ec9-a0b3cc26c927} - G:\SETUP.EXE
Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-04-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3709121103-697001368-1351868520-1004 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKU\S-1-5-21-3709121103-697001368-1351868520-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-11-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-01] (Avast Software s.r.o.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-14] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-01] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Hosts: 137.56.127.10 vpn.uvt.nl ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
Tcpip\..\Interfaces\{350719A6-CA5E-4B1C-B313-121017B2C3C7}: [NameServer] 10.128.120.81
Tcpip\..\Interfaces\{9FD75074-C9C3-414D-A68C-4F6CE983914B}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D03125B1-40A3-4A5A-A573-151818EB3434}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E2B58660-7516-4BFD-B1B9-9C79A6DFCCAD}: [DhcpNameServer] 192.168.42.129
StartMenuInternet: IEXPLORE.EXE -

FireFox:
========
FF ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default
FF Homepage: https://www.google.cz/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-09] ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-11-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000: @acestream.net/acestreamplugin,version=2.1.5 -> C:\Users\Michal\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-10-01] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\Michal\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-10-01] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000: @hola.org/vlc,version=1.8.649 -> C:\Users\Michal\AppData\Local\Hola\firefox\app\vlc [2015-07-14] ()
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @acestream.net/acestreamplugin,version=2.1.5 -> C:\Users\Michal\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-10-01] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\Michal\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-10-01] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/vlc,version=1.8.649 -> C:\Users\Michal\AppData\Local\Hola\firefox\app\vlc [2015-07-14] ()
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Michal\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Michal\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-05-25] (Octoshape ApS)
FF Extension: Hola Better Internet - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-05-28]
FF Extension: EPUBReader - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-06-01]
FF Extension: Block site - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-06-01]
FF Extension: Distill Web Monitor (formerly AlertBox) - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\alertbox@ajitk.com.xpi [2014-05-02]
FF Extension: Adblock Plus - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-01]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-19]

Chrome:
=======
CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-08]
CHR Extension: (Google Wallet) - C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR HKU\S-1-5-21-3709121103-697001368-1351868520-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michal\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michal\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-01]
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [pbigfkbippnoeffniighecdghnbnmced] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-27] (DigitalPersona, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-11-14] (IDT, Inc.) [File not signed]
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5858304 2012-09-29] (Broadcom Corporation) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
S2 RdnaoFlSvc; C:\Program Files (x86)\rnamfler\naofsvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-02] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-01] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-11-14] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-03-03] (Disc Soft Ltd)
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-01] (REALiX(tm))
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2014-11-14] (JMicron Technology Corp.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-02-12] (Intel Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1522976 2014-11-14] (Sunplus)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39096 2014-12-02] (The OpenVPN Project)
R3 TotRec8; C:\Windows\system32\drivers\TotRec8.sys [126152 2014-04-30] (High Criteria inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-02-19] (Cisco Systems, Inc.)
S1 chtqeqec; \??\C:\Windows\system32\drivers\chtqeqec.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 10:21 - 2015-07-15 10:23 - 00030862 _____ C:\Users\Michal\Desktop\FRST.txt
2015-07-15 10:20 - 2015-07-15 10:21 - 00000000 ____D C:\FRST
2015-07-15 10:17 - 2015-07-15 10:17 - 00112640 _____ (forum.viry.cz) C:\Users\Michal\Desktop\FRSTLauncher.exe
2015-07-15 10:06 - 2015-07-15 10:06 - 02133504 _____ (Farbar) C:\Users\Michal\Desktop\FRST64.exe
2015-07-15 00:13 - 2015-07-15 00:13 - 00001156 _____ C:\Users\Michal\Desktop\mal2.txt
2015-07-14 18:47 - 2015-07-14 19:23 - 00001557 _____ C:\Users\Michal\Desktop\sdčko.txt
2015-07-14 16:28 - 2015-07-14 16:28 - 00015146 _____ C:\Users\Michal\Desktop\mal.txt
2015-07-14 13:24 - 2015-07-15 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-14 13:19 - 2015-07-14 13:19 - 00000000 ____D C:\Users\Michal\AppData\Local\Hola
2015-07-14 13:06 - 2015-07-14 13:06 - 02248704 _____ C:\Users\Michal\Desktop\adwcleaner_4.208.exe
2015-07-14 13:05 - 2015-07-14 13:05 - 00000139 _____ C:\Users\Michal\Desktop\dulezite.txt
2015-07-14 13:04 - 2015-07-14 13:04 - 00000273 _____ C:\Users\Michal\Desktop\hmhgjhgjh.txt
2015-07-13 14:42 - 2015-07-13 14:42 - 00000000 ____D C:\Users\Michal\AppData\Roaming\LibreOffice
2015-07-13 14:38 - 2015-07-13 14:39 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
2015-07-13 14:36 - 2015-07-13 14:38 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
2015-07-13 14:27 - 2015-07-13 14:27 - 00000004 _____ C:\Users\Michal\Desktop\sdfsd.txt
2015-07-13 14:18 - 2015-07-13 14:18 - 00001337 _____ C:\Users\Michal\Desktop\nbmnbnmm.txt
2015-07-13 14:18 - 2015-07-13 14:18 - 00000125 _____ C:\Users\Michal\Desktop\mnbmbbn.txt
2015-07-13 08:04 - 2015-07-13 08:04 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-08 21:21 - 2015-07-14 13:05 - 00000000 ____D C:\Users\Michal\Desktop\byt
2015-07-07 12:55 - 2015-07-07 12:59 - 00000000 ____D C:\Program Files (x86)\ScreenshotCaptor
2015-07-07 12:55 - 2015-07-07 12:55 - 00000058 _____ C:\Windows\SysWOW64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-07-07 12:55 - 2015-07-07 12:55 - 00000058 _____ C:\Users\Michal\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2015-07-07 12:55 - 2015-07-07 12:55 - 00000000 ____D C:\Users\Michal\Documents\DonationCoder
2015-07-07 12:55 - 2015-07-07 12:55 - 00000000 ____D C:\Users\Michal\AppData\Roaming\DonationCoder
2015-07-07 12:55 - 2015-07-07 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScreenshotCaptor
2015-07-07 12:55 - 2015-07-07 12:55 - 00000000 ____D C:\ProgramData\DonationCoder
2015-07-07 12:46 - 2015-07-07 12:46 - 00000408 _____ C:\Users\Michal\AppData\Roaming\CamShapes.ini
2015-07-07 12:46 - 2015-07-07 12:46 - 00000408 _____ C:\Users\Michal\AppData\Roaming\CamLayout.ini
2015-07-07 12:46 - 2015-07-07 12:46 - 00000046 _____ C:\Users\Michal\AppData\Roaming\Camdata.ini
2015-07-07 12:40 - 2015-07-07 12:41 - 00000000 ____D C:\Users\Michal\AppData\Roaming\OBS
2015-07-07 12:39 - 2015-07-13 13:53 - 00000000 ____D C:\Program Files\OBS
2015-07-07 12:39 - 2015-07-13 13:53 - 00000000 ____D C:\Program Files (x86)\OBS
2015-07-07 10:35 - 2015-07-07 12:46 - 00004510 _____ C:\Users\Michal\AppData\Roaming\CamStudio.cfg
2015-07-07 10:27 - 2015-07-13 13:48 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-07-07 10:25 - 2015-07-13 13:49 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Nico Mak Computing
2015-07-06 15:35 - 2015-07-07 12:47 - 00000055 _____ C:\Users\Michal\Desktop\friday.txt
2015-07-04 22:26 - 2015-07-04 22:26 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
2015-07-04 22:26 - 2015-07-04 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
2015-07-04 22:26 - 2015-07-04 22:26 - 00000000 ____D C:\Program Files (x86)\SopCast
2015-07-03 16:40 - 2015-07-03 16:47 - 00000000 ____D C:\Users\Michal\Documents\Thesis Latex
2015-07-03 15:02 - 2015-07-03 15:02 - 00000000 ____D C:\Users\Michal\Documents\Thesis Latex – záloha
2015-07-02 21:19 - 2015-07-02 21:22 - 00000000 ____D C:\Users\Michal\Documents\Zkouška
2015-07-02 21:01 - 2015-07-02 21:01 - 00005140 _____ C:\Users\Michal\Documents\Thesis Bc.lnk
2015-07-02 20:53 - 2015-07-02 20:53 - 00000000 ____D C:\Users\Michal\AppData\Local\MiKTeX
2015-07-01 18:01 - 2015-07-01 18:01 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-01 18:01 - 2015-07-01 18:01 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-28 18:57 - 2015-06-28 18:57 - 00000000 __SHD C:\found.000
2015-06-27 18:13 - 2015-06-27 18:17 - 04271041 _____ C:\Users\Michal\Documents\data.xlsx
2015-06-24 07:02 - 2015-06-24 07:02 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2015-06-24 07:02 - 2015-06-24 07:02 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2015-06-24 07:02 - 2015-06-24 07:02 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2015-06-19 11:12 - 2015-07-15 10:17 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job
2015-06-19 11:12 - 2015-07-14 12:02 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job
2015-06-19 11:12 - 2015-06-19 11:12 - 00003898 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA
2015-06-19 11:12 - 2015-06-19 11:12 - 00003502 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core
2015-06-19 11:12 - 2015-06-19 11:12 - 00000000 ____D C:\Users\Michal\AppData\Local\Dropbox
2015-06-19 11:12 - 2015-06-19 11:12 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-15 23:45 - 2015-06-15 23:45 - 00000058 _____ C:\Users\Michal\Documents\gfghfghfh.txt
2015-06-15 23:19 - 2015-07-13 15:55 - 00000000 ____D C:\Users\Michal\Documents\Jazyky

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-15 10:21 - 2013-09-26 09:37 - 01049411 _____ C:\Windows\WindowsUpdate.log
2015-07-15 10:21 - 2013-04-05 14:20 - 00000000 ____D C:\Users\Michal\AppData\Roaming\uTorrent
2015-07-15 10:07 - 2013-05-21 13:25 - 00000000 ____D C:\Program Files\trend micro
2015-07-15 10:01 - 2014-11-14 21:43 - 00011718 _____ C:\Windows\SysWOW64\Gms.log
2015-07-15 10:01 - 2013-07-04 13:53 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-15 10:01 - 2013-06-12 19:47 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-15 00:34 - 2014-02-14 01:04 - 00000000 ____D C:\Users\Michal\Documents\bordel
2015-07-14 23:34 - 2014-06-09 19:14 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Skype
2015-07-14 20:19 - 2009-07-14 06:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 20:19 - 2009-07-14 06:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 20:11 - 2012-10-14 20:51 - 00000000 ___RD C:\Users\Michal\Dropbox
2015-07-14 20:11 - 2012-10-14 20:48 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Dropbox
2015-07-14 20:09 - 2014-07-10 03:28 - 00217394 _____ C:\Windows\PFRO.log
2015-07-14 20:09 - 2014-05-24 13:04 - 00031226 _____ C:\Windows\setupact.log
2015-07-14 20:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 13:24 - 2013-06-30 23:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 13:16 - 2009-07-14 06:45 - 00492152 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-14 13:14 - 2015-06-04 22:49 - 00000000 ____D C:\Windows\system32\log
2015-07-14 13:14 - 2013-11-09 01:10 - 00000000 ____D C:\AdwCleaner
2015-07-13 19:18 - 2012-10-01 20:13 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-13 15:55 - 2014-04-16 18:19 - 00130280 _____ C:\Users\Michal\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-13 14:12 - 2012-09-29 21:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-13 14:11 - 2014-08-24 10:36 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-13 14:11 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-13 14:10 - 2010-11-21 09:17 - 00000000 ____D C:\Windows\ShellNew
2015-07-13 14:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-13 14:07 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-13 14:07 - 2009-07-14 04:34 - 00000450 _____ C:\Windows\win.ini
2015-07-13 13:58 - 2015-05-19 22:58 - 00000000 ____D C:\Program Files (x86)\Pinnacle
2015-07-13 08:01 - 2013-12-23 03:51 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMichal
2015-07-13 08:01 - 2013-12-21 02:50 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForMichal.job
2015-07-09 17:47 - 2012-09-29 16:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 17:47 - 2012-09-29 16:05 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 17:47 - 2012-09-29 16:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 21:14 - 2012-09-29 19:43 - 00000000 ____D C:\Users\Michal\Documents\Škola
2015-07-08 20:41 - 2015-02-12 19:05 - 00000000 ____D C:\Users\Michal\AppData\Roaming\Audacity
2015-07-04 22:26 - 2012-12-09 15:37 - 00000991 _____ C:\Users\postgres\Desktop\SopCast.lnk
2015-07-04 22:05 - 2013-03-19 19:09 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-04 22:04 - 2015-06-03 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-04 22:04 - 2012-09-29 16:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-03 16:45 - 2015-06-11 12:16 - 00000000 ____D C:\Users\Michal\Documents\Ecox
2015-07-03 11:14 - 2012-09-29 16:27 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-03 11:05 - 2014-04-18 19:58 - 00000000 ____D C:\Users\Michal\AppData\Local\Adobe
2015-07-02 02:01 - 2013-03-19 19:10 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-01 18:01 - 2014-10-03 14:01 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-01 18:01 - 2014-10-03 14:01 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-01 18:01 - 2013-03-19 19:10 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-01 18:01 - 2013-03-19 19:09 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-01 18:01 - 2013-03-19 19:09 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-01 18:01 - 2013-03-19 19:09 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-01 18:00 - 2013-03-19 19:10 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-29 23:24 - 2012-12-12 23:04 - 00000000 ____D C:\ProgramData\Skype
2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-20 12:49 - 2012-11-14 00:05 - 00000000 ____D C:\Users\postgres
2015-06-15 00:49 - 2015-06-03 17:00 - 00000000 ____D C:\Users\Michal\Documents\Thesis

==================== Files in the root of some directories =======

2012-11-14 00:06 - 2012-11-14 00:06 - 0069291 _____ () C:\Program Files (x86)\hminstalllog.txt
2015-07-07 12:46 - 2015-07-07 12:46 - 0000046 _____ () C:\Users\Michal\AppData\Roaming\Camdata.ini
2015-07-07 12:46 - 2015-07-07 12:46 - 0000408 _____ () C:\Users\Michal\AppData\Roaming\CamLayout.ini
2015-07-07 12:46 - 2015-07-07 12:46 - 0000408 _____ () C:\Users\Michal\AppData\Roaming\CamShapes.ini
2015-07-07 10:35 - 2015-07-07 12:46 - 0004510 _____ () C:\Users\Michal\AppData\Roaming\CamStudio.cfg
2002-08-29 19:33 - 2002-08-29 19:33 - 0319488 ____R () C:\Users\Michal\AppData\Roaming\MafiaSetup.exe
2015-05-06 12:33 - 2015-05-06 12:33 - 0004608 _____ () C:\Users\Michal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-07 12:55 - 2015-07-07 12:55 - 0000058 _____ () C:\Users\Michal\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

Some files in TEMP:
====================
C:\Users\Michal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpio3o5q.dll
C:\Users\Michal\AppData\Local\Temp\Extract.exe
C:\Users\Michal\AppData\Local\Temp\guninst.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.103.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.143.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.164.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.183.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.201.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.204.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.277.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.308.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.328.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.369.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.595.exe
C:\Users\Michal\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.649.exe
C:\Users\Michal\AppData\Local\Temp\Quarantine.exe
C:\Users\Michal\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMichal.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Michal\Desktop" je 1668 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC
C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPConnectionManager
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp
C:\Program Files\IDT\WDM\sttray64.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"C:\Program Files (x86)\Winamp\winampa.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Michal at 2015-07-15 10:23:49
Running from C:\Users\Michal\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3709121103-697001368-1351868520-500 - Administrator - Disabled)
Guest (S-1-5-21-3709121103-697001368-1351868520-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3709121103-697001368-1351868520-1008 - Limited - Enabled)
Michal (S-1-5-21-3709121103-697001368-1351868520-1000 - Administrator - Enabled) => C:\Users\Michal
postgres (S-1-5-21-3709121103-697001368-1351868520-1004 - Limited - Enabled) => C:\Users\postgres

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.38 - ArcSoft)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
CountAnything (HKLM-x32\...\CountAnything_is1) (Version: 2.1 - Ginstrom IT Solutions (GITS))
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Daum PotPlayer 1.5.28025 (HKLM-x32\...\PotPlayer) (Version: - )
Defraggler (HKLM\...\Defraggler) (Version: 2.13 - Piriform)
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.25.3+4.9 - DjVuZone)
Dropbox (HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
Estelar PDF Security Removal (HKLM-x32\...\{F5E02016-3371-4958-985B-96F5A7A4691A}_is1) (Version: 4.2 - Estelar Software Inc.)
Free Alarm Clock 2.5.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.5 - Comfort Software Group)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Chrome (HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Chrome (HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5809F3E0-6638-46B4-A2FF-464131961117}) (Version: 5.0.9.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{AB4CC828-05EE-4A9B-9097-E0308C27ECCB}) (Version: 4.3.8.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.3.8.12 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{BBDDFD86-E8E5-42FA-85E4-373FAE1DC731}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1191 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{E7530589-81AA-40B4-8A7A-56B22DCF62EC}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.27.17 - Roxio)
Chinese Simplified Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Image Grabber II (HKLM-x32\...\Image Grabber II) (Version: - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
Intel(R) Network Connections 19.5.300.2 (HKLM\...\PROSetDX) (Version: 19.5.300.2 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
JabRef 2.9.2 (HKLM-x32\...\JabRef 2.9.2) (Version: 2.9.2 - JabRef Team)
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.23.01 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.68.0 - JMicron Technology Corp.)
LibreOffice 4.4.4.3 (HKLM-x32\...\{5B6D82BB-CC1A-431E-8991-3E57855F99C5}) (Version: 4.4.4.3 - The Document Foundation)
LONGMAN Dictionary of Contemporary English (HKLM-x32\...\ldoce4v2) (Version: - )
Longman iBT (HKLM-x32\...\Longman iBT) (Version: - )
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 39.0 (x86 cs) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 cs)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Octoshape Streaming Services (HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Screenshot Captor 4.8 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Slovník Verdict Free (HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Verdict Free) (Version: - )
Slovník Verdict Free (HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Verdict Free) (Version: - )
Software Intel® PROSet/Wireless WiFi (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0903 - Intel Corporation)
SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
Total Recorder 8.5 Professional Edition (HKLM-x32\...\TotalRecorder) (Version: - )
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709121103-697001368-1351868520-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michal\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-07-2015 10:13:38 Windows Update
10-07-2015 18:16:34 Windows Update
13-07-2015 13:50:29 Removed Video Edit Master
13-07-2015 13:53:29 Removed Pinnacle VideoSpin.
13-07-2015 14:03:26 Removed Microsoft Office Professional Plus 2010
13-07-2015 14:35:02 Installed LibreOffice 4.4.4.3
14-07-2015 08:47:08 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-06-01 21:05 - 2015-06-01 21:05 - 00000142 ____A C:\Windows\system32\Drivers\etc\hosts


137.56.127.10 vpn.uvt.nl ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {307AFD32-3693-4039-8F2B-664862C18D23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {3F86EF45-A10C-4C02-AD8C-E38215501B99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.)
Task: {41DC76B9-315F-489E-8B9F-AC7726AB01BF} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {5190EB90-9EBD-4FBC-9B42-1A2D5F93FDF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {5599878B-E213-47A3-BCD7-879AD46FCD02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {7F62EF4E-1D05-4CD6-AB17-E65D8FFA1533} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {802105DE-53FD-4312-8D63-CA547339BBC2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {866F6600-F425-45A8-B57E-F86DD029C836} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8FA354C4-EB8E-48B5-9AA7-9FE37D82C25A} - System32\Tasks\{4D6EF59B-0E26-4A0D-96A4-7EF13082F3AF} => pcalua.exe -a C:\Users\Michal\Documents\Downloads\win64_153318.exe -d C:\Users\Michal\Documents\Downloads
Task: {96BBF11D-0C27-4776-B2BD-AB50A3B094DD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {A1C422B6-CBEA-4E7C-B51F-F8875B96800F} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {CA008B78-8403-4953-9947-4BEFD666FC7B} - System32\Tasks\{153C5890-0CD9-44AD-99FD-CB4797657D91} => pcalua.exe -a "C:\Quake III Arena\Setup.exe" -d "C:\Quake III Arena"
Task: {D58B516D-516D-43B6-B587-10C0D595769B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.)
Task: {D5A503DE-16F7-469B-9A4B-8DB235E5E686} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E00A4FF3-57B5-4606-8EA5-895AA8AAD66B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {F083044A-E1CD-44CE-9CB4-B638219FA46D} - System32\Tasks\Driver Booster SkipUAC (Michal) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {F19C0C2E-1FFE-4423-8B28-858C3961BE2D} - System32\Tasks\avastBCLRestartS-1-5-21-3709121103-697001368-1351868520-1000 => Firefox.exe
Task: {FFA2D5DC-882E-4DBA-AA33-B3CC9184D74C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {FFD1AEA2-DD42-47CB-B602-3E1D8436E861} - System32\Tasks\HPCeeScheduleForMichal => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMichal.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

Vypnete trvale Windows Defender



Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Michal at 2015-07-15 12:49:54 Run:1
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal & postgres & (Available Profiles: Michal & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\...\Run: [Dropbox Update] => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
GroupPolicyScripts: Group Policy detected <======= ATTENTION

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3709121103-697001368-1351868520-1004 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKU\S-1-5-21-3709121103-697001368-1351868520-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Michal\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Extension: Block site - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-06-01]

CHR HKU\S-1-5-21-3709121103-697001368-1351868520-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michal\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michal\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [pbigfkbippnoeffniighecdghnbnmced] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [Not Found]

S2 RdnaoFlSvc; C:\Program Files (x86)\rnamfler\naofsvc.exe [X]
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
S1 chtqeqec; \??\C:\Windows\system32\drivers\chtqeqec.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09 268976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 116648]

2015-07-14 13:24 - 2015-07-15 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-14 13:24 - 2013-06-30 23:05 - 00000000 ____D C:\ProgramData\Malwarebytes

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job => C:\Users\Michal\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job => C:\Users\Michal\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {41DC76B9-315F-489E-8B9F-AC7726AB01BF} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {A1C422B6-CBEA-4E7C-B51F-F8875B96800F} - \Browser Updater\Browser Updater No Task File <==== ATTENTION

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent" /f

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
HKU\S-1-5-21-3709121103-697001368-1351868520-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dropbox Update => value removed successfully
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Dropbox Update => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3709121103-697001368-1351868520-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3709121103-697001368-1351868520-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
"HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Users\Michal\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Users\Michal\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll not found.
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\5j1q229b.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => moved successfully.
"HKU\S-1-5-21-3709121103-697001368-1351868520-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully
"HKU\S-1-5-21-3709121103-697001368-1351868520-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ochbjojkpcmlfeagbaahkofepalngihg" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pbigfkbippnoeffniighecdghnbnmced" => key removed successfully
RdnaoFlSvc => Service removed successfully
EsgScanner => Service removed successfully
chtqeqec => Service removed successfully
esgiguard => Service removed successfully
MBAMSwissArmy => Service stopped successfully.
MBAMSwissArmy => Service removed successfully
AdobeARMservice => Service removed successfully
gupdate => Service removed successfully
SkypeUpdate => Service removed successfully
AdobeFlashPlayerUpdateSvc => Service removed successfully
gupdatem => Service removed successfully
C:\Program Files (x86)\Malwarebytes Anti-Malware => moved successfully.

"C:\ProgramData\Malwarebytes" folder move:

Could not move "C:\ProgramData\Malwarebytes" folder => Scheduled to move on reboot.

C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job => moved successfully.
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000Core.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3709121103-697001368-1351868520-1000UA.job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41DC76B9-315F-489E-8B9F-AC7726AB01BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41DC76B9-315F-489E-8B9F-AC7726AB01BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1C422B6-CBEA-4E7C-B51F-F8875B96800F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1C422B6-CBEA-4E7C-B51F-F8875B96800F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater" => key removed successfully

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeAC" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1.5 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-15 12:55:23)<=

C:\ProgramData\Malwarebytes => Is moved successfully

==== End of Fixlog 12:55:23 ====

JujuBrasil píše:***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Michal\Desktop" je 1668 MB.

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku




Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada.

PC šlape v pořádku, děkuji.

Nemate zac!

Mejte se a treba zase nekdy