PC check

Posted: 13 Oct 2015 16:23
by K.O.
Hello, could you please check my PC? Thank you very much :-)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Marek at 2015-10-13 17:23:15
Microsoft Windows 8.1
System drive C: has 363 GB (39%) free of 934 GB
Total RAM: 7642 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:23:16, on 13. 10. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Marek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S1647.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [sosopa] "C:\Users\Marek\Documents\Notes\sosopa.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [beja] wscript.exe //B "C:\Users\Marek\AppData\Local\Temp\beja.vbs"
O4 - Startup: beja.vbs
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
O23 - Service: CyberLink PowerDVD 12 Media Server Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem15.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11865 bytes

======Listing Processes======





wininit.exe


winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
atieclxx
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe"
C:\WINDOWS\System32\svchost.exe -k utcsvc
dashost.exe {87112b3e-71e9-4bc6-a4816faa12132fd4}
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE"
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
"C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
"C:\Windows\System32\wscript.exe" //B "C:\Users\Marek\AppData\Local\Temp\beja.vbs"
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe" 0
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\WINDOWS\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 1"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1428.0.1688447686\783752564" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,20,45 --gpu-vendor-id=0x1002 --gpu-device-id=0x9830 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.251.9001.1001 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 
--video-image-texture-target=3553 --channel="1428.7.1787602858\25364838" --font-cache-shared-handle=3008 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 
--video-image-texture-target=3553 --channel="1428.12.1873327176\1365295520" --font-cache-shared-handle=2960 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 
--video-image-texture-target=3553 --channel="1428.15.606583370\1902923663" --font-cache-shared-handle=5648 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 
--video-image-texture-target=3553 --channel="1428.18.1463459791\1931999246" --font-cache-shared-handle=6624 /prefetch:673131151
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AudioProcessing48kHzSupport/Default/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Disabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 
--video-image-texture-target=3553 --channel="1428.46.1387596005\273192362" --font-cache-shared-handle=4348 /prefetch:673131151
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 576 580 588 65536 584
"C:\Users\Marek\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\DropboxUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job - C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job - C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job - C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0791bc7afe311.job - C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d08f36ff8454c7.job - C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0bf82c13d83bc.job - C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0e2f75b5b3dbf.job - C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0f0aa35a8cc3e.job - C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\fp376ucg.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.185 Plugin
"Path"=C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.185 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-06-18 7191768]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-05 2994928]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON SX100 Series"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [2008-02-05 221696]
"Facebook Update"=C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-22 138096]
"sosopa"=C:\Users\Marek\Documents\Notes\sosopa.exe [2007-09-28 274432]
"Google Update"=C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2015-02-27 5583120]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-05-08 8322328]
"Dropbox Update"=C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-25 136048]
"beja"=wscript.exe //B C:\Users\Marek\AppData\Local\Temp\beja.vbs []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2013-05-14 387832]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2013-03-01 77088]
"YouCam Service"=C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-05-22 267224]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2013-05-03 1045304]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-07-04 766688]

C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
beja.vbs

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"PromptOnSecureDesktop"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2015-10-13 17:16:52 ----D---- C:\rsit
2015-10-13 17:16:52 ----D---- C:\Program Files\trend micro
2015-10-09 18:21:45 ----SD---- C:\WINDOWS\SYSWOW64\Microsoft
2015-09-09 11:26:17 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 11:26:17 ----A---- C:\WINDOWS\system32\wucltux.dll
2015-09-09 11:26:17 ----A---- C:\WINDOWS\system32\wuaueng.dll
2015-09-09 11:26:17 ----A---- C:\WINDOWS\system32\wuauclt.exe
2015-09-09 11:26:16 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2015-09-09 11:26:16 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2015-09-09 11:26:16 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2015-09-09 11:26:16 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2015-09-09 11:26:16 ----A---- C:\WINDOWS\system32\wuwebv.dll
2015-09-09 11:26:16 ----A---- C:\WINDOWS\system32\wudriver.dll
2015-09-09 11:26:16 ----A---- C:\WINDOWS\system32\wuapp.exe
2015-09-09 11:26:16 ----A---- C:\WINDOWS\system32\wuapi.dll
2015-09-09 11:25:32 ----A---- C:\WINDOWS\SYSWOW64\InkEd.dll
2015-09-09 11:25:32 ----A---- C:\WINDOWS\system32\InkEd.dll
2015-09-09 11:25:30 ----A---- C:\WINDOWS\system32\consent.exe
2015-09-09 11:25:29 ----A---- C:\WINDOWS\SYSWOW64\tdh.dll
2015-09-09 11:25:29 ----A---- C:\WINDOWS\system32\UtcResources.dll
2015-09-09 11:25:29 ----A---- C:\WINDOWS\system32\tdh.dll
2015-09-09 11:25:29 ----A---- C:\WINDOWS\system32\diagtrack.dll
2015-09-09 11:25:27 ----A---- C:\WINDOWS\SYSWOW64\msxml6.dll
2015-09-09 11:25:27 ----A---- C:\WINDOWS\system32\msxml6.dll
2015-09-09 11:25:27 ----A---- C:\WINDOWS\system32\msxml3.dll
2015-09-09 11:25:26 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2015-09-09 11:25:22 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-09-09 11:25:20 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-09-09 11:25:17 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-09-09 11:25:16 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-09-09 11:25:10 ----A---- C:\WINDOWS\system32\jscript9.dll
2015-09-09 11:24:55 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2015-09-09 11:24:54 ----A---- C:\WINDOWS\system32\iertutil.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\system32\wininet.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\system32\urlmon.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\system32\jscript.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 11:24:53 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 11:24:52 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2015-09-09 11:24:52 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2015-09-09 11:24:52 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2015-09-09 11:24:52 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2015-09-09 11:24:52 ----A---- C:\WINDOWS\system32\webcheck.dll
2015-09-09 11:24:52 ----A---- C:\WINDOWS\system32\vbscript.dll
2015-09-09 11:24:52 ----A---- C:\WINDOWS\system32\msfeeds.dll
2015-09-09 11:24:52 ----A---- C:\WINDOWS\system32\inetcomm.dll
2015-09-09 11:24:51 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2015-09-09 11:24:51 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2015-09-09 11:24:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 11:24:39 ----A---- C:\WINDOWS\SYSWOW64\gdi32.dll
2015-09-09 11:24:39 ----A---- C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 11:24:39 ----A---- C:\WINDOWS\system32\gdi32.dll
2015-09-09 11:24:38 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 11:24:37 ----A---- C:\WINDOWS\system32\SettingSync.dll
2015-09-09 11:24:37 ----A---- C:\WINDOWS\system32\authui.dll
2015-09-09 11:24:36 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 11:24:36 ----A---- C:\WINDOWS\SYSWOW64\SettingSync.dll
2015-09-09 11:24:36 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2015-09-09 11:24:35 ----A---- C:\WINDOWS\SYSWOW64\shacct.dll
2015-09-09 11:24:35 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2015-09-09 11:24:35 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2015-09-09 11:24:35 ----A---- C:\WINDOWS\system32\win32k.sys
2015-09-09 11:24:35 ----A---- C:\WINDOWS\system32\shacct.dll
2015-09-09 11:24:35 ----A---- C:\WINDOWS\system32\atmlib.dll
2015-09-09 11:24:35 ----A---- C:\WINDOWS\system32\atmfd.dll
2015-09-09 11:24:34 ----A---- C:\WINDOWS\SYSWOW64\taskeng.exe
2015-09-09 11:24:34 ----A---- C:\WINDOWS\SYSWOW64\schtasks.exe
2015-09-09 11:24:34 ----A---- C:\WINDOWS\system32\taskeng.exe
2015-09-09 11:24:34 ----A---- C:\WINDOWS\system32\schtasks.exe
2015-09-09 11:24:34 ----A---- C:\WINDOWS\system32\schedsvc.dll
2015-09-09 11:24:33 ----A---- C:\WINDOWS\system32\profsvc.dll
2015-09-09 11:24:33 ----A---- C:\WINDOWS\system32\drivers\bthpan.sys
2015-09-09 11:24:31 ----A---- C:\WINDOWS\system32\tzsync.exe
2015-09-09 11:24:30 ----A---- C:\WINDOWS\SYSWOW64\appidapi.dll
2015-09-09 11:24:30 ----A---- C:\WINDOWS\system32\appidsvc.dll
2015-09-09 11:24:30 ----A---- C:\WINDOWS\system32\appidapi.dll
2015-08-31 15:31:39 ----AS---- C:\WINDOWS\SYSWOW64\nircmdc.exe
2015-08-31 15:22:36 ----D---- C:\WINDOWS\AutoKMS
2015-08-25 16:58:27 ----D---- C:\ProgramData\Dropbox
2015-08-21 21:36:45 ----RD---- C:\Program Files (x86)\Skype
2015-08-21 21:30:56 ----D---- C:\Users\Marek\AppData\Roaming\WinRAR
2015-08-21 21:30:49 ----D---- C:\Program Files\WinRAR
2015-08-19 15:55:28 ----D---- C:\ProgramData\AVAST Software
2015-08-17 10:38:55 ----D---- C:\WINDOWS\SYSWOW64\ivtMobCache

======List of files/folders modified in the last 2 months======

2015-10-13 17:22:26 ----D---- C:\WINDOWS\Prefetch
2015-10-13 17:16:52 ----RD---- C:\Program Files
2015-10-13 17:00:03 ----D---- C:\WINDOWS\system32\sru
2015-10-13 16:52:18 ----D---- C:\WINDOWS\Temp
2015-10-13 16:18:34 ----D---- C:\WINDOWS\System32
2015-10-13 16:18:34 ----D---- C:\WINDOWS\Inf
2015-10-13 16:18:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-13 16:17:14 ----A---- C:\WINDOWS\SYSWOW64\LOCALSERVICE.INI
2015-10-13 16:17:07 ----A---- C:\WINDOWS\SYSWOW64\bscs.ini
2015-10-13 16:14:59 ----D---- C:\WINDOWS\system32\Tasks
2015-10-13 16:13:16 ----D---- C:\Windows
2015-10-13 16:13:15 ----D---- C:\WINDOWS\system32\drivers
2015-10-13 15:10:01 ----SHD---- C:\WINDOWS\Installer
2015-10-13 15:10:01 ----SHD---- C:\Config.Msi
2015-10-12 18:35:28 ----D---- C:\uTorrent
2015-10-12 04:59:29 ----D---- C:\Users\Marek\AppData\Roaming\vlc
2015-10-11 18:32:14 ----D---- C:\WINDOWS\Microsoft.NET
2015-10-11 14:42:11 ----D---- C:\Program Files (x86)\Steam
2015-10-10 21:29:38 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2015-10-09 18:23:26 ----D---- C:\WINDOWS\system32\DriverStore
2015-10-09 18:21:45 ----D---- C:\WINDOWS\SysWOW64
2015-10-09 18:21:26 ----SHD---- C:\System Volume Information
2015-10-09 11:10:53 ----HD---- C:\ProgramData
2015-10-09 10:02:30 ----D---- C:\WINDOWS\system32\FxsTmp
2015-10-08 18:09:08 ----D---- C:\Program Files (x86)\Google
2015-10-07 10:43:06 ----D---- C:\WINDOWS\system32\config
2015-10-06 19:23:49 ----SD---- C:\WINDOWS\system32\GWX
2015-10-06 17:18:11 ----D---- C:\WINDOWS\CbsTemp
2015-10-06 17:18:10 ----D---- C:\WINDOWS\WinSxS
2015-10-06 17:18:07 ----SD---- C:\WINDOWS\SYSWOW64\GWX
2015-10-03 13:24:06 ----D---- C:\Users\Marek\AppData\Roaming\Dropbox
2015-09-24 17:36:34 ----D---- C:\WINDOWS\system32\catroot2
2015-09-19 13:05:16 ----D---- C:\WINDOWS\rescache
2015-09-16 20:05:02 ----D---- C:\WINDOWS\Tasks
2015-09-15 05:01:56 ----RD---- C:\Program Files (x86)
2015-09-15 03:18:38 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2015-09-13 11:27:46 ----D---- C:\WINDOWS\SYSWOW64\inetsrv
2015-09-13 11:27:46 ----D---- C:\WINDOWS\system32\inetsrv
2015-09-13 11:27:45 ----D---- C:\WINDOWS\system32\cs-CZ
2015-09-13 11:27:44 ----D---- C:\Program Files\Windows Journal
2015-09-13 11:27:44 ----D---- C:\Program Files\Internet Explorer
2015-09-13 11:27:44 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-13 11:27:43 ----D---- C:\WINDOWS\PolicyDefinitions
2015-09-11 11:52:16 ----D---- C:\WINDOWS\AppReadiness
2015-09-09 18:11:26 ----RSD---- C:\WINDOWS\assembly
2015-09-09 12:02:55 ----D---- C:\ProgramData\Microsoft Help
2015-09-09 11:52:15 ----D---- C:\WINDOWS\system32\MRT
2015-09-09 11:31:48 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2015-09-01 13:21:50 ----D---- C:\WINDOWS\system32\NDF
2015-08-31 15:32:39 ----A---- C:\WINDOWS\AutoKMS.ini
2015-08-31 15:21:59 ----D---- C:\ProgramData\Microsoft Toolkit
2015-08-27 19:25:32 ----DC---- C:\WINDOWS\Panther
2015-08-27 19:18:59 ----HD---- C:\$Windows.~BT
2015-08-26 18:37:02 ----A---- C:\WINDOWS\system32\MRT.exe
2015-08-21 21:36:53 ----D---- C:\ProgramData\Skype
2015-08-21 21:36:46 ----D---- C:\Program Files (x86)\Common Files
2015-08-21 21:35:00 ----D---- C:\totalcmd
2015-08-17 10:38:09 ----A---- C:\WINDOWS\SYSWOW64\LOCALDEVICE.INI
2015-08-16 17:54:50 ----A---- C:\WINDOWS\SYSWOW64\REMOTEDEVICE.INI
2015-08-16 13:51:59 ----D---- C:\Program Files\Microsoft Silverlight
2015-08-16 13:51:58 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-08-16 13:49:49 ----D---- C:\WINDOWS\system32\drivers\cs-CZ
2015-08-16 13:49:47 ----D---- C:\Program Files\Windows Defender
2015-08-16 13:49:47 ----D---- C:\Program Files (x86)\Windows Defender
2015-08-15 17:53:39 ----D---- C:\ProgramData\YTD Video Downloader

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem25.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\WINDOWS\System32\drivers\amdkmpfd.sys [2013-02-14 37472]
R0 hpdskflt;@oem15.inf,%service_desc%;HP Filter; C:\WINDOWS\system32\DRIVERS\hpdskflt.sys [2013-03-01 30520]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2013-03-05 91712]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 Accelerometer;@oem15.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2013-03-01 43320]
R3 AmdAS4;@oem27.inf,%AmdAS4.SVCDESC%;AmdAS4 service; C:\WINDOWS\System32\drivers\AmdAS4.sys [2013-02-08 17504]
R3 amdkmdag;amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [2014-07-21 13209088]
R3 amdkmdap;amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [2014-07-21 626688]
R3 AtiHDAudioService;@oem23.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdW86.sys [2013-04-24 98744]
R3 BtAudioBusSrv;@oem10.inf,%SvcDesc%;Ralink Bluetooth Audio Bus Service; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [2013-03-25 49584]
R3 clwvd;@oem16.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\WINDOWS\system32\DRIVERS\clwvd.sys [2013-03-05 41408]
R3 dtlitescsibus;@oem33.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2015-05-24 30352]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2013-06-20 3454552]
R3 netr28x;@oem18.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RSP2STOR;@oem3.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2013-04-11 288840]
R3 rtbth;@oem17.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\WINDOWS\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem5.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-04-10 801864]
R3 SynTP;@oem30.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2013-06-05 533232]
R3 usbfilter;AMD USB Filter Driver; C:\WINDOWS\system32\DRIVERS\usbfilter.sys [2012-08-29 58536]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S0 amd_sata;amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [2012-12-01 80552]
S0 amd_xata;amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [2012-12-01 26280]
S3 androidusb;@oem53.inf,%SAMSUNG.Adb.SvcDesc%;SAMSUNG Android Composite ADB Interface Driver; C:\WINDOWS\System32\Drivers\ssadadb.sys [2013-05-02 38080]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [2013-04-26 54064]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 dg_ssudbus;@oem70.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-04-30 677360]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 RTL8192su;@net8192su64.inf,%RTL8192su.DeviceDesc.DispName%;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2013-06-18 694856]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2013-06-05 29424]
S3 SmbDrvI;SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2013-06-05 33008]
S3 ssadbus;@oem52.inf,%SAMSUNG.Service.Desc%;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\System32\drivers\ssadbus.sys [2013-05-02 169288]
S3 ssadmdfl;@oem54.inf,%Samsung.Filter.Name%;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2013-05-02 21320]
S3 ssadmdm;@oem54.inf,%Samsung.Service.Name%;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2013-05-02 188232]
S3 ssadserd;@oem56.inf,%Samsung.Service.Name%;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\ssadserd.sys [2013-05-02 158024]
S3 ssudmdm;@oem71.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\WINDOWS\System32\drivers\usbscan.sys [2014-10-29 44544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdaptiveSleepService;AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [2013-04-16 103424]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [2014-07-21 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-04-16 361984]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-06-26 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-06-26 294664]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 163840]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-03-01 101888]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-06-07 92160]
R2 hpsrv;@oem15.inf,%hpservice_desc%;HP Service; C:\WINDOWS\system32\Hpservice.exe [2013-03-01 43320]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-05-03 1039160]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-06-19 246488]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2013-05-14 145656]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-06-07 1129760]
R3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2013-06-07 1630456]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21 269000]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2015-07-21 1141248]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-27 1272592]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2014-10-20 1044816]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-15 148080]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2014-10-20 79360]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-10-09 838224]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\WINDOWS\system32\svchost.exe [2014-10-29 38792]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [2013-08-22 36992]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\WINDOWS\System32\drivers\bthhfenum.sys [2015-03-09 57856]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\WINDOWS\System32\drivers\BthHFHid.sys [2013-08-22 30720]
S4 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]

-----------------EOF-----------------

Re: PC check

Posted: 13 Oct 2015 19:25
by altrok
I wish you a beautiful day :bye:



:arrow: Test C:\Users\Marek\Documents\Notes\sosopa.exe on virustotal.com - if the file has already been analysed, choose Reanalyse. Put a link to the analysis results in your next post.


:arrow: Please zip the file C:\Users\Marek\AppData\Local\Temp\beja.vbs and upload it to leteckaposta.cz/ulozto, and put the download link in your next reply, thank you.


:arrow: As part of the cleaning, your temporary directories (including the Recycle Bin) will be emptied.


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a normal double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

Re: PC check

Posted: 14 Oct 2015 15:39
by K.O.
So I hope I managed it correctly.

1.
sosopa.exe - I am aware of this program :)

2.
http://leteckaposta.cz/995762991

3.
# AdwCleaner v5.013 - Logfile created 14/10/2015 at 16:29:28
# Updated 09/10/2015 by Xplode
# Database : 2015-10-13.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Marek - MAREK
# Running from : C:\Users\Marek\Downloads\adwcleaner_5.013.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\Marek\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Marek\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Public\Documents\GreenTree Applications

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Start Now Technology.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1336 bytes] ##########

Re: PC check

Posted: 14 Oct 2015 19:10
by altrok
:arrow: Post the FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: PC check

Posted: 15 Oct 2015 17:18
by K.O.
FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
Ran by Marek (administrator) on MAREK (15-10-2015 18:11:43)
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek (Available Profiles: Marek)
Platform: Windows 8.1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Facebook Inc.) C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Google Inc.) C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
(Dropbox, Inc.) C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2994928 2013-06-05] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [EPSON SX100 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE [221696 2008-02-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Facebook Update] => C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-22] (Facebook Inc.)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [sosopa] => C:\Users\Marek\Documents\Notes\sosopa.exe [274432 2007-09-28] ()
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Google Update] => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Dropbox Update] => C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-25] (Dropbox, Inc.)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [beja] => wscript.exe //B "C:\Users\Marek\AppData\Local\Temp\beja.vbs" <===== ATTENTION
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {14fa8d7b-ffa0-11e4-befc-a0481c0b54dd} - "F:\setup.exe"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {1e7b9674-34fc-11e4-bea5-a0481c0b54dd} - "F:\Setup.exe"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {3dc6cd56-aecb-11e4-bed1-a0481c0b54dd} - "G:\setup.exe"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {3dc6cd8d-aecb-11e4-bed1-a0481c0b54dd} - "G:\setup.exe"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {58eeca03-4d9e-11e5-bf29-a0481c0b54dd} - "F:\setup.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-10-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beja.vbs [2015-10-08] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{1AA36AE4-FEDA-4B2D-AC5D-263CA6C2FB9C}: [DhcpNameServer] 192.168.101.1
Tcpip\..\Interfaces\{889FEBDD-31E0-4CBE-83F0-FD68B350E1AF}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {6911C177-B3CD-4D6E-A045-B77C8A2BF5FC} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {6911C177-B3CD-4D6E-A045-B77C8A2BF5FC} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002 -> {6911C177-B3CD-4D6E-A045-B77C8A2BF5FC} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09] (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\fp376ucg.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3667591875-3836627966-1938915227-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-3667591875-3836627966-1938915227-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Marek\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3667591875-3836627966-1938915227-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Marek\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3667591875-3836627966-1938915227-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-11] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3667591875-3836627966-1938915227-1002: google.com/WidevineMediaOptimizer -> C:\Users\Marek\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll [2014-06-09] (Google Inc.)

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://seznam.cz/
CHR StartupUrls: Profile 1 -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Překladač Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-03-14]
CHR Extension: (Disk Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-13]
CHR Extension: (YouTube) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-13]
CHR Extension: (Vyhledávání Google) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
CHR Extension: (Gmail) - C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-04-16] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-16] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-07-21] ()
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
U4 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [36992 2013-08-22] (Microsoft Corporation)
U4 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [57856 2015-03-09] (Microsoft Corporation)
U4 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2013-08-22] (Microsoft Corporation)
U4 BthHFSrv; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
U4 BthHFSrv; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-29] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-03-01] (Freemake) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-10-20] (SolidWorks) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-24] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-04-11] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-05] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-05] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 18:11 - 2015-10-15 18:12 - 00021299 _____ C:\Users\Marek\Desktop\FRST.txt
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 ____D C:\FRST
2015-10-15 18:10 - 2015-10-15 18:10 - 02196992 _____ (Farbar) C:\Users\Marek\Desktop\FRST64.exe
2015-10-15 05:22 - 2015-09-19 05:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-15 05:22 - 2015-09-18 15:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-15 05:22 - 2015-09-18 15:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-15 05:22 - 2015-09-18 15:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-15 05:22 - 2015-09-18 15:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-15 05:22 - 2015-09-18 15:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-15 05:22 - 2015-09-18 15:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 20:06 - 2015-10-14 20:07 - 00000000 ____D C:\Users\Marek\Downloads\Kobra 11
2015-10-14 16:24 - 2015-10-14 16:29 - 00000000 ____D C:\AdwCleaner
2015-10-14 04:07 - 2015-09-29 14:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 04:07 - 2015-09-29 14:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 04:07 - 2015-09-29 14:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 04:07 - 2015-09-29 14:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 04:07 - 2015-09-29 14:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 04:07 - 2015-09-24 18:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 04:07 - 2015-09-24 18:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 04:07 - 2015-09-10 20:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 04:07 - 2015-08-27 04:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 04:07 - 2015-08-27 04:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 04:07 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 04:07 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 04:07 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 04:07 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 04:07 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 04:07 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 04:07 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 04:07 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 04:07 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 04:07 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 04:06 - 2015-09-29 14:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 04:06 - 2015-09-28 20:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 04:06 - 2015-09-28 20:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 04:06 - 2015-09-28 20:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 04:06 - 2015-09-28 20:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 04:06 - 2015-09-28 20:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 04:06 - 2015-09-28 20:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 04:06 - 2015-09-28 20:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 04:06 - 2015-09-28 20:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 04:06 - 2015-09-28 20:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 04:06 - 2015-09-28 20:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 04:06 - 2015-09-28 20:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 04:06 - 2015-09-10 19:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 04:06 - 2015-09-10 19:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 04:06 - 2015-09-10 19:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 04:06 - 2015-09-10 19:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 04:06 - 2015-09-10 19:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 04:06 - 2015-09-10 19:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 04:06 - 2015-09-10 19:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 04:06 - 2015-09-10 18:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 04:06 - 2015-09-10 18:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 04:06 - 2015-09-10 18:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 04:06 - 2015-09-10 18:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 04:06 - 2015-09-10 18:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 04:06 - 2015-09-10 18:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 04:06 - 2015-09-10 18:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 04:06 - 2015-09-10 18:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 04:06 - 2015-09-10 18:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 04:06 - 2015-09-10 18:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 04:06 - 2015-09-10 18:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 04:06 - 2015-09-10 18:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 04:06 - 2015-09-10 18:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 04:06 - 2015-09-10 18:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 04:06 - 2015-09-10 18:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 04:06 - 2015-09-10 18:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 04:06 - 2015-09-10 18:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 04:06 - 2015-09-10 18:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 04:06 - 2015-09-10 18:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 04:06 - 2015-09-10 18:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 04:06 - 2015-09-10 18:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 04:06 - 2015-09-10 17:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 04:06 - 2015-09-10 17:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 04:06 - 2015-09-10 17:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 04:06 - 2015-09-10 17:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 04:06 - 2015-09-10 17:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 04:06 - 2015-09-10 17:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 04:06 - 2015-09-10 17:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 04:06 - 2015-09-10 17:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 04:06 - 2015-09-10 17:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 04:06 - 2015-09-10 17:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 04:06 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 04:06 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-13 17:16 - 2015-10-13 17:23 - 00000000 ____D C:\Program Files\trend micro
2015-10-13 17:16 - 2015-10-13 17:17 - 00000000 ____D C:\rsit
2015-10-12 17:04 - 2015-10-12 17:04 - 00015187 _____ C:\Users\Marek\Downloads\[CzT]Zeme_zitrka_Tomorrowland_2015_CZ_.torrent
2015-10-11 15:15 - 2015-10-11 18:10 - 00000000 ____D C:\Users\Marek\Downloads\Shofer.Race.Driver.Patch.Update.v1.0-BAT
2015-10-03 13:23 - 2015-10-03 13:23 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-27 17:54 - 2015-10-15 03:19 - 00003756 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2015-09-16 20:05 - 2015-09-16 20:05 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0f0aa35a8cc3e.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-15 18:06 - 2014-05-27 16:20 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-15 18:05 - 2015-05-31 16:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-15 18:05 - 2014-05-29 21:15 - 00000000 ____D C:\Users\Marek\AppData\Roaming\vlc
2015-10-15 18:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-15 17:00 - 2015-06-21 12:22 - 01582015 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-15 16:50 - 2015-07-26 12:30 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-15 16:15 - 2014-08-07 20:56 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52C8C741-9B6A-43E2-B952-D18B0802F1BB}
2015-10-15 11:54 - 2014-12-12 21:48 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 11:54 - 2014-08-08 23:35 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-15 11:54 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-15 06:22 - 2014-05-27 14:07 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3667591875-3836627966-1938915227-1002
2015-10-15 04:36 - 2015-02-11 11:27 - 00000000 ____D C:\uTorrent
2015-10-15 03:19 - 2014-08-07 20:25 - 00000000 ___RD C:\Users\Marek\OneDrive
2015-10-15 03:18 - 2013-08-30 18:51 - 00003620 _____ C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2015-10-15 03:17 - 2015-06-22 05:37 - 00018468 _____ C:\WINDOWS\setupact.log
2015-10-15 03:17 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-15 03:17 - 2013-06-07 09:40 - 00001017 _____ C:\WINDOWS\SysWOW64\bscs.ini
2015-10-14 16:40 - 2014-03-18 17:33 - 01934988 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-14 16:40 - 2014-03-18 16:54 - 00802206 _____ C:\WINDOWS\system32\perfh005.dat
2015-10-14 16:40 - 2014-03-18 16:54 - 00183700 _____ C:\WINDOWS\system32\perfc005.dat
2015-10-14 16:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-14 16:30 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-14 16:29 - 2013-08-30 18:34 - 00001381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Start Now Technology.lnk
2015-10-14 16:14 - 2014-05-30 14:37 - 02265600 ___SH C:\Users\Marek\Desktop\Thumbs.db
2015-10-14 16:11 - 2014-09-11 18:21 - 00325632 ___SH C:\Users\Marek\Documents\Thumbs.db
2015-10-14 11:26 - 2014-12-08 19:40 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 11:18 - 2014-05-28 16:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 11:10 - 2014-05-28 16:17 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-14 06:50 - 2015-07-26 12:30 - 00003802 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-13 19:51 - 2014-08-30 18:28 - 00000000 ____D C:\Users\Marek\Downloads\Nemazat!!!
2015-10-13 18:05 - 2014-09-27 20:39 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Skype
2015-10-13 16:13 - 2015-08-19 19:53 - 00356784 _____ C:\WINDOWS\PFRO.log
2015-10-13 16:13 - 2015-08-19 15:55 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-13 15:10 - 2014-12-24 09:17 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-12 17:41 - 2014-07-18 20:05 - 03390464 ___SH C:\Users\Marek\Downloads\Thumbs.db
2015-10-10 20:56 - 2014-09-27 20:39 - 00000000 ____D C:\ProgramData\Skype
2015-10-09 10:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-10-08 18:09 - 2014-05-27 16:20 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-06 19:23 - 2015-04-04 11:01 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-06 17:18 - 2015-04-04 11:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-03 13:24 - 2014-10-23 14:10 - 00000000 ____D C:\Users\Marek\AppData\Roaming\Dropbox
2015-10-02 16:24 - 2015-03-12 21:12 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 16:24 - 2015-03-12 21:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-27 17:52 - 2014-08-07 19:11 - 00000000 ____D C:\Users\Marek
2015-09-19 13:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-16 20:05 - 2015-08-30 09:42 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0e2f75b5b3dbf.job
2015-09-15 05:01 - 2014-05-27 16:20 - 00003944 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 05:01 - 2014-05-27 16:20 - 00003708 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 05:01 - 2014-05-27 16:20 - 00000968 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

==================== Files in the root of some directories =======

2015-06-17 14:59 - 2015-06-17 14:59 - 0000046 _____ () C:\Users\Marek\AppData\Roaming\Camdata.ini
2015-06-17 14:59 - 2015-06-17 14:59 - 0000408 _____ () C:\Users\Marek\AppData\Roaming\CamLayout.ini
2015-06-17 14:59 - 2015-06-17 14:59 - 0000408 _____ () C:\Users\Marek\AppData\Roaming\CamShapes.ini
2015-07-04 14:26 - 2015-07-04 14:27 - 0006144 _____ () C:\Users\Marek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-25 21:47 - 2014-12-25 21:47 - 0000000 ___SH () C:\Users\Marek\AppData\Local\LumaEmu
2015-08-17 10:38 - 2015-08-17 10:38 - 0000017 _____ () C:\Users\Marek\AppData\Local\resmon.resmoncfg
2015-04-16 22:03 - 2015-04-16 22:24 - 0000000 _____ () C:\Users\Marek\AppData\Local\Temptable.xml

Some files in TEMP:
====================
C:\Users\Marek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpolys9x.dll
C:\Users\Marek\AppData\Local\Temp\sqlite3.dll
C:\Users\Marek\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-15 06:22

==================== End of FRST.txt ============================

Re: PC check

Posted: 15 Oct 2015 17:19
by K.O.
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by Marek (2015-10-15 18:13:02)
Running from C:\Users\Marek\Desktop
Windows 8.1 (X64) (2014-08-07 18:19:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3667591875-3836627966-1938915227-500 - Administrator - Disabled)
Guest (S-1-5-21-3667591875-3836627966-1938915227-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3667591875-3836627966-1938915227-1014 - Limited - Enabled)
Marek (S-1-5-21-3667591875-3836627966-1938915227-1002 - Administrator - Enabled) => C:\Users\Marek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F196C498-5681-BCA2-8029-5BF070368F35}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty 4 - Modern Warfare verze 1.7 (HKLM-x32\...\{826D7727-6105-4C5D-A049-E4BADBC8BAAB}_is1) (Version: 1.7 - tomi2k9)
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
COD - Advanced Warfare (HKLM-x32\...\COD - Advanced Warfare_is1) (Version: 1.2.0.4107 - Activision)
CoD 2 čeština (HKLM-x32\...\CoD 2 čeština_is1) (Version: - #'Pan[S]al!er!)
Colin McRae Rally 2 (HKLM-x32\...\{19B72AA9-985A-11D4-9C8A-00D0B75D1498}) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Dropbox) (Version: 3.10.7 - Dropbox, Inc.)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX100_TX100 Manuál (HKLM-x32\...\EPSON Stylus SX100_TX100 Uživatelská příručka) (Version: - )
EPSON SX100 Series Printer Uninstall (HKLM\...\EPSON SX100 Series) (Version: - SEIKO EPSON Corporation)
Euro Truck Simulator 2 - v1.10.1.18s + 13xDLC (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: - )
Euro Truck Simulator 2 Gold Bundle verze v1.14.0.4s (HKLM-x32\...\Euro Truck Simulator 2 Gold Bundle_is1) (Version: v1.14.0.4s - R.G. Danik1B9)
Euro Truck Simulator 2 v1.19.0.10s (26 DLC) (HKLM-x32\...\Euro Truck Simulator 2 v1.19.0.10s (26 DLC)1.19.0.10s) (Version: 1.19.0.10s - Friends in War)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farming Simulator 15 (HKLM-x32\...\Farming Simulator 15_is1) (Version: - )
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Freemake Video Converter verze 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
FreemakeVideoConverter_3.2.1.8 version for Windows (HKLM-x32\...\{96298315-D9E8-E670-A1D2-CA149B257626}_is1) (Version: for Windows - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Prix 3 (HKLM-x32\...\{E4961DB6-A3F3-11D3-BE67-0000B4A81FC5}) (Version: - )
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Název společnosti:)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Quick Start (HKLM-x32\...\{C001689B-4EAD-4CB4-B5F7-4A85A32785DC}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 cs) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 cs)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Need for Speed Most Wanted 2012 v1.0.0.0 (HKLM-x32\...\Need for Speed Most Wanted 2012_is1) (Version: 1.0.0.0 - EA Games)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version: - )
Nero 7 Ultra Edition (HKLM-x32\...\{4F2CE68F-EDBB-4592-BF07-5AC930A51029}) (Version: 7.02.6446 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Název společnosti:)
PhotoFiltre 7 (HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\PhotoFiltre 7) (Version: - )
Ralink Bluetooth Stack64 (HKLM\...\{931210CE-36BC-BB05-9559-D2320932312E}) (Version: 11.0.738.3 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.27.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29060 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6950 - Realtek Semiconductor Corp.)
Richard Burns Rally (HKLM-x32\...\InstallShield_{72CE541B-52BD-4FA1-8CD6-19341939AB21}) (Version: 1.00.000 - Název společnosti:)
Richard Burns Rally (x32 Version: 1.00.000 - Název společnosti:) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.0.0 - Electronic Arts)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Sniper Elite III (HKLM-x32\...\Sniper Elite III_is1) (Version: 1.01 - Codemasters)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.5.1 - Synaptics Incorporated)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer IE 6.0.0 (HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WRC 4 FIA World Rally Championship (HKLM-x32\...\V1JDNEZJQVdvcmxkUmFsbHlDaGFtcGlvbnNoaXA=_is1) (Version: 1 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Marek\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Marek\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Marek\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Marek\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3667591875-3836627966-1938915227-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Marek\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

22-09-2015 20:10:50 Windows Update
06-10-2015 17:17:08 Windows Update
09-10-2015 18:20:40 avast! antivirus system restore point
14-10-2015 11:04:47 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {107313E6-3F63-4F80-9EB2-5907420A699E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14] (Adobe Systems Incorporated)
Task: {14781F9C-61ED-48F5-BA48-8EE4AAC602C0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {2EFBED16-2F7D-43A9-AFBD-7F5109DAEDA8} - System32\Tasks\{1735F4AD-762D-440D-9B86-D4296EA0F1E8} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/cs/abandoninstall?source=lightinstaller&page=tsMain
Task: {3A064C9C-5260-4183-99DE-1FE5E711CC72} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-05] (Synaptics Incorporated)
Task: {45382782-A3B0-40FF-A948-6FDAC08170AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {66883DA1-9AD3-40E0-A137-BC6283D239B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {722B01DD-411F-4F82-9B09-07CBBCFC71D8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-08-31] ()
Task: {7A68C374-512F-4EE9-98E1-753C01AF8FD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {7FD0BC8F-F942-4CA0-BBE0-28157E559298} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9CC0C812-AC9E-40C3-A69C-C6CBE1A23D71} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {A6F6CD3E-AE38-4DEB-B7FC-BFEE1FCA70E8} - System32\Tasks\{591A1263-B969-4D9C-9D44-F135AAF3919F} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\AVI to DVD Converter\Uninstall.exe"
Task: {ACA4744E-BB3F-4891-9B43-125FC253740D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {C18E3277-BB14-4F8C-9432-81C193C17ECF} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\CompatTelRunner.exe [2015-09-19] (Microsoft Corporation)
Task: {D013FF92-5506-4648-9A4A-A40CD14F4B5C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {DBC88124-1366-4C43-BC16-B71E322D0E06} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {E5F46A69-819A-4D12-82C1-EE87A94F9F10} - System32\Tasks\{D56B2C96-8BFC-4EC7-A7F7-9D3FAE579526} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lig ... tError=404
Task: {FF02EB65-8AAA-46D4-9E02-3C0A97927C80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0791bc7afe311.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d08f36ff8454c7.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0bf82c13d83bc.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0e2f75b5b3dbf.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0f0aa35a8cc3e.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-16 23:51 - 2013-04-16 23:51 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-04-16 23:50 - 2013-04-16 23:50 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-05-14 17:33 - 2013-05-14 17:33 - 00016632 _____ () C:\Windows\system32\BsHelpCSps.dll
2013-05-14 17:33 - 2013-05-14 17:33 - 00029432 _____ () C:\WINDOWS\system32\BsTrace.dll
2013-04-16 23:50 - 2013-04-16 23:50 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-05-08 20:50 - 2015-05-08 20:50 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2013-08-30 19:06 - 2013-03-12 16:51 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 22:53 - 2013-03-12 22:53 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-05-14 17:33 - 2013-05-14 17:33 - 00029432 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2015-10-15 04:07 - 2015-10-09 02:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-15 04:07 - 2015-10-09 02:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
2015-10-15 04:07 - 2015-10-09 02:53 - 16493384 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:8927A071
AlternateDataStreams: C:\Users\Marek\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Marek\Desktop\motorka12.jpg
DNS Servers: 192.168.101.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks 2014 Rychlé spuštění.lnk"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\StartupApproved\Run: => "EPSON SX100 Series"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\StartupApproved\Run: => "sosopa"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{8A8D08EE-3F32-4A67-88D4-B083938CAC07}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{5F4242D2-B01A-49E5-B29F-5B0EEACB5698}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{E27FE41B-7677-4535-AC75-1209772E2710}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{BDB4DB20-0FA5-4428-879E-3077185B477E}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [{F682CAF6-0621-4485-8DC0-1CA75CE18B5D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A4043884-C41F-4356-A150-3970745E6701}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D80DE9EC-5E09-4B52-BAFB-E13D4375D87B}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{917D985E-1FDB-4553-8186-7C2C401484D1}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{AB673595-2DA3-44CB-BFD8-0C8A5B02B6C3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CBD07461-2C8F-4EC0-93D4-ECEDE5B26B94}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7F7ED232-9B3B-4D91-918B-B679002E6410}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7110E112-4E5D-4D5B-A40F-36DAD64A39A1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{33F6D7D0-0110-47C3-BE1B-6E9C9B5BF6FE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{2B5CD133-3602-4132-A4C9-7CC272F78409}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{0C8C7297-3397-4C76-ABB1-D6589CE88BC4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{06C2B56E-D3A6-4493-9456-33A7A992BF06}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{5C4E6E6F-3AB2-44B8-A2C3-E411273D1B20}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{ECF4525C-05F5-4DC5-A02D-1F310E50067C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B3B1CA02-ADD2-40CB-A481-6F05BEC01262}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E106567B-6848-47B3-B483-DD321AEC7696}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B49DDFEC-F5FF-4A91-9FB2-A809580B16EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7746FA8F-07A7-48DB-AEBD-E63BE5B367A4}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{51CAF5FB-17BA-4403-BB5B-C44ED18AC185}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{9AE78F4E-09A7-4844-B5FB-7B5A68FD5D94}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{B2BAF3E2-3F2E-4294-B8DB-10458B1EEEEF}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{66D715B1-C054-461A-8A2F-46D04606D048}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{4EC9C887-09B5-468F-90D2-0E0FE9035DB8}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [TCP Query User{25C675D3-1A22-4159-AB38-338EBF8E970C}C:\program files (x86)\codemasters\colin mcrae rally 2\cmr2.exe] => (Allow) C:\program files (x86)\codemasters\colin mcrae rally 2\cmr2.exe
FirewallRules: [UDP Query User{83443620-1FB3-4025-8FCC-05BF8D8D750E}C:\program files (x86)\codemasters\colin mcrae rally 2\cmr2.exe] => (Allow) C:\program files (x86)\codemasters\colin mcrae rally 2\cmr2.exe
FirewallRules: [TCP Query User{A77D3101-F037-441B-91B4-58C45D90A259}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{9DAFE46D-6243-4B97-A5D3-F47AA7A898C6}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{2C6C30DA-4AEB-4D20-A276-CE1C51C455EA}C:\program files (x86)\codemasters\colin mcrae rally 2\cmr2network.exe] => (Block) C:\program files (x86)\codemasters\colin mcrae rally 2\cmr2network.exe
FirewallRules: [UDP Query User{020A7FDB-0B6F-4D48-B17F-161B6B88CA33}C:\program files (x86)\codemasters\colin mcrae rally 2\cmr2network.exe] => (Block) C:\program files (x86)\codemasters\colin mcrae rally 2\cmr2network.exe
FirewallRules: [TCP Query User{F549AD40-F1A1-4B35-BC9A-42C90AD043AF}C:\program files\microprose\grand prix 3\gp3.exe] => (Allow) C:\program files\microprose\grand prix 3\gp3.exe
FirewallRules: [UDP Query User{3D162D00-B9A6-4308-8E5F-BC72406835CE}C:\program files\microprose\grand prix 3\gp3.exe] => (Allow) C:\program files\microprose\grand prix 3\gp3.exe
FirewallRules: [{BEFB10D4-06B7-4CE6-89B3-7DD205692187}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3D8F5547-FADA-40C0-8330-9C36F5FD9332}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{05F91025-A8A6-4FC4-8158-C1B0886F1E58}] => (Allow) C:\Users\Marek\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{F45DF2A1-39C5-44F1-9AE9-D541C8AFC65B}] => (Allow) C:\Users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5FE542A5-0177-4996-90DE-6F7FA9348E7E}] => (Allow) C:\Users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{46CA5F38-A28D-4E9D-9DF7-2610CE2F88A0}C:\program files (x86)\farming simulator 15\dedicatedserver.exe] => (Block) C:\program files (x86)\farming simulator 15\dedicatedserver.exe
FirewallRules: [UDP Query User{2F60832F-11B2-4E3E-95E2-F9D098A8CFB7}C:\program files (x86)\farming simulator 15\dedicatedserver.exe] => (Block) C:\program files (x86)\farming simulator 15\dedicatedserver.exe
FirewallRules: [TCP Query User{E8D3116D-146B-4020-87E8-E826DEB295E9}C:\program files (x86)\farming simulator 15\x64\farmingsimulator2015game.exe] => (Allow) C:\program files (x86)\farming simulator 15\x64\farmingsimulator2015game.exe
FirewallRules: [UDP Query User{956BFAD5-18CF-4663-8948-E4B9BB3AA077}C:\program files (x86)\farming simulator 15\x64\farmingsimulator2015game.exe] => (Allow) C:\program files (x86)\farming simulator 15\x64\farmingsimulator2015game.exe
FirewallRules: [TCP Query User{F03F8B81-1DD5-4D9A-8148-09CF29782219}C:\users\marek\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\marek\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{86A79F7C-6DD7-4BAE-8D4E-8FEF61A24957}C:\users\marek\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\marek\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{0F65A06C-4DB4-4EBC-AAD0-5E6F12155EDD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BDC1950D-6B86-4B07-966C-29CF4D820F65}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{93B86DB2-2D69-442C-AA34-4D44E4FF8D29}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe
FirewallRules: [UDP Query User{5A5C3174-7F79-4F5F-9DF6-427FFE403935}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe
FirewallRules: [TCP Query User{9E092D61-7D25-40C1-98CC-D4F0C4E67F8F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{6514D0A1-8186-4B64-AAAE-BFA9A641930A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{C3C3B0FD-F603-4D52-AF59-904BC21B7FB8}C:\program files (x86)\wrc 4 fia world rally championship\wrc4.exe] => (Allow) C:\program files (x86)\wrc 4 fia world rally championship\wrc4.exe
FirewallRules: [UDP Query User{B541BA36-291C-43B1-8739-368FD5DB1EA9}C:\program files (x86)\wrc 4 fia world rally championship\wrc4.exe] => (Allow) C:\program files (x86)\wrc 4 fia world rally championship\wrc4.exe
FirewallRules: [TCP Query User{BBC143E2-75F2-4C84-969D-48052AE32D66}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe
FirewallRules: [UDP Query User{16DDCAE9-FCDB-4A2A-AE67-1861D31C007B}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe
FirewallRules: [TCP Query User{2E272971-0ABA-4F71-B6E5-421A7DCABCE5}C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
FirewallRules: [UDP Query User{919936A6-6DD5-4476-B5E8-553A4829FD10}C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe] => (Allow) C:\program files (x86)\electronic arts\shift 2 unleashed\shift2u.exe
FirewallRules: [TCP Query User{52E72752-A30D-419E-87CC-476DAA3C7833}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe
FirewallRules: [UDP Query User{992FD928-7CDD-456A-A087-A10480EF9CC2}C:\utorrent\utorrent.exe] => (Allow) C:\utorrent\utorrent.exe
FirewallRules: [TCP Query User{F2464349-4392-4792-BF88-24364A5FC921}G:\crysis 2 cz\bin32\crysis2.exe] => (Allow) G:\crysis 2 cz\bin32\crysis2.exe
FirewallRules: [UDP Query User{DC13C31A-1666-4465-A9E2-3C54AD7AC39D}G:\crysis 2 cz\bin32\crysis2.exe] => (Allow) G:\crysis 2 cz\bin32\crysis2.exe
FirewallRules: [{583A79D2-5B3E-4967-BED2-BB0B3FC3E721}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4DDD2E5E-FDB7-487F-88DB-ADF47D334BEE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A99CC048-ED43-4711-A117-13B9A9BCD4E8}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{B220CBC7-F5DB-4DB1-B731-F6C3679B1469}C:\program files\rockstar games\grand theft auto v\gta5.exe] => (Allow) C:\program files\rockstar games\grand theft auto v\gta5.exe
FirewallRules: [{358E0612-6F55-435C-89A2-59514D8F7D60}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1683794E-12F5-4C69-8BAC-2F8A36CE5940}] => (Allow) LPort=2869
FirewallRules: [{CE1C7665-4D8A-46B5-ABEC-56D271810BFB}] => (Allow) LPort=1900
FirewallRules: [{80D016FA-590B-4E8A-B872-C017B587D2F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{7B7C2565-AA9A-4D83-B7F9-9CEF4773D47C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{840CBE75-1778-4C4F-9769-CF8C8915BBB3}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{7FEBEEC1-2F25-4043-BDD5-81B7D4DB5D2E}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{2B89899B-72D6-4766-B816-1C9A16E0B898}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{066F650B-C0DD-40FA-A1C8-987CF261C18B}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [{99742DFC-C329-444D-A1A7-3427FCF5603B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2015 09:46:49 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (10/15/2015 04:35:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program mmamain.exe verze 1.5.0.41 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 11a4

Čas spuštění: 01d106f2277eebaa

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp\mmamain.exe

ID hlášení: 7051583f-72e5-11e5-bf37-a0481c0b54dd

Úplný název chybujícího balíčku: SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp

ID aplikace související s chybujícím balíčkem: App

Error: (10/15/2015 04:35:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: MAREK)
Description: Aplikace SymantecCorporation.NortonStudio_1.5.0.41_x86__v68kp9n051hdp+App se nespustila ve stanovenou dobu.

Error: (10/15/2015 03:18:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x684
Čas spuštění chybující aplikace: 0xBlueSoleilCS.exe0
Cesta k chybující aplikaci: BlueSoleilCS.exe1
Cesta k chybujícímu modulu: BlueSoleilCS.exe2
ID zprávy: BlueSoleilCS.exe3
Úplný název chybujícího balíčku: BlueSoleilCS.exe4
ID aplikace související s chybujícím balíčkem: BlueSoleilCS.exe5

Error: (10/14/2015 04:34:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x670
Čas spuštění chybující aplikace: 0xBlueSoleilCS.exe0
Cesta k chybující aplikaci: BlueSoleilCS.exe1
Cesta k chybujícímu modulu: BlueSoleilCS.exe2
ID zprávy: BlueSoleilCS.exe3
Úplný název chybujícího balíčku: BlueSoleilCS.exe4
ID aplikace související s chybujícím balíčkem: BlueSoleilCS.exe5

Error: (10/14/2015 04:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0xc58
Čas spuštění chybující aplikace: 0xBlueSoleilCS.exe0
Cesta k chybující aplikaci: BlueSoleilCS.exe1
Cesta k chybujícímu modulu: BlueSoleilCS.exe2
ID zprávy: BlueSoleilCS.exe3
Úplný název chybujícího balíčku: BlueSoleilCS.exe4
ID aplikace související s chybujícím balíčkem: BlueSoleilCS.exe5

Error: (10/14/2015 04:11:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.3.9600.17667, časové razítko: 0x54c6f7c2
Název chybujícího modulu: combase.dll, verze: 6.3.9600.17415, časové razítko: 0x545044f9
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003a02f
ID chybujícího procesu: 0xdec
Čas spuštění chybující aplikace: 0xExplorer.EXE0
Cesta k chybující aplikaci: Explorer.EXE1
Cesta k chybujícímu modulu: Explorer.EXE2
ID zprávy: Explorer.EXE3
Úplný název chybujícího balíčku: Explorer.EXE4
ID aplikace související s chybujícím balíčkem: Explorer.EXE5

Error: (10/14/2015 04:11:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x1054
Čas spuštění chybující aplikace: 0xBlueSoleilCS.exe0
Cesta k chybující aplikaci: BlueSoleilCS.exe1
Cesta k chybujícímu modulu: BlueSoleilCS.exe2
ID zprávy: BlueSoleilCS.exe3
Úplný název chybujícího balíčku: BlueSoleilCS.exe4
ID aplikace související s chybujícím balíčkem: BlueSoleilCS.exe5

Error: (10/14/2015 04:10:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x1428
Čas spuštění chybující aplikace: 0xBlueSoleilCS.exe0
Cesta k chybující aplikaci: BlueSoleilCS.exe1
Cesta k chybujícímu modulu: BlueSoleilCS.exe2
ID zprávy: BlueSoleilCS.exe3
Úplný název chybujícího balíčku: BlueSoleilCS.exe4
ID aplikace související s chybujícím balíčkem: BlueSoleilCS.exe5

Error: (10/14/2015 04:08:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: BlueSoleilCS.exe, verze: 11.0.738.0, časové razítko: 0x51b135d8
Název chybujícího modulu: tl_filter.dll, verze: 0.0.0.0, časové razítko: 0x519ec946
Kód výjimky: 0xc0000094
Posun chyby: 0x0000d53d
ID chybujícího procesu: 0x18b4
Čas spuštění chybující aplikace: 0xBlueSoleilCS.exe0
Cesta k chybující aplikaci: BlueSoleilCS.exe1
Cesta k chybujícímu modulu: BlueSoleilCS.exe2
ID zprávy: BlueSoleilCS.exe3
Úplný název chybujícího balíčku: BlueSoleilCS.exe4
ID aplikace související s chybujícím balíčkem: BlueSoleilCS.exe5


System errors:
=============
Error: (10/15/2015 05:06:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně ukončena. Tento stav nastal již 5krát.

Error: (10/15/2015 10:16:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (10/15/2015 08:03:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně ukončena. Tento stav nastal již 3krát.

Error: (10/15/2015 06:46:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (10/15/2015 04:46:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/15/2015 03:18:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/15/2015 03:17:25 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: Byl spuštěn systémový časovač sledovacího zařízení.

Error: (10/14/2015 07:28:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba CyberLink PowerDVD 12 Media Server Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/14/2015 04:34:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BlueSoleilCS byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (10/14/2015 04:29:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě:
%%1056


CodeIntegrity:
===================================
Date: 2015-08-17 15:59:35.517
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 17:19:38.831
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 17:19:38.052
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 17:13:09.249
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 17:13:08.749
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-11 20:32:51.093
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-11 16:59:10.161
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-09 20:59:53.383
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-08 17:24:00.791
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-31 19:45:14.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon(TM) HD Graphics
Percentage of memory in use: 21%
Total physical RAM: 7642.26 MB
Available physical RAM: 5962.18 MB
Total Virtual: 14810.26 MB
Available Virtual: 12263.66 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:912 GB) (Free:351.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:18.3 GB) (Free:1.85 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 376AE2FD)

Partition: GPT.

==================== End of Addition.txt ============================

Re: PC check

Posted: 15 Oct 2015 18:21
by altrok
:arrow: Why aren't you using an antivirus? You have one nasty bug in there.


:arrow: If you know sosopa.exe, we will leave it alone (I have not been able to find anything about this file).


  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beja.vbs
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Facebook Update] => C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-22] (Facebook Inc.)
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Google Update] => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Dropbox Update] => C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-25] (Dropbox, Inc.)
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [beja] => wscript.exe //B "C:\Users\Marek\AppData\Local\Temp\beja.vbs" <===== ATTENTION
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {14fa8d7b-ffa0-11e4-befc-a0481c0b54dd} - "F:\setup.exe"
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {1e7b9674-34fc-11e4-bea5-a0481c0b54dd} - "F:\Setup.exe"
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {3dc6cd56-aecb-11e4-bed1-a0481c0b54dd} - "G:\setup.exe"
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {3dc6cd8d-aecb-11e4-bed1-a0481c0b54dd} - "G:\setup.exe"
    HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {58eeca03-4d9e-11e5-bf29-a0481c0b54dd} - "F:\setup.exe" 
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beja.vbs [2015-10-08] ()
    2015-09-27 17:54 - 2015-10-15 03:19 - 00003756 _____ C:\WINDOWS\System32\Tasks\AutoKMS
    Task: {722B01DD-411F-4F82-9B09-07CBBCFC71D8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-08-31] ()
    Task: {A6F6CD3E-AE38-4DEB-B7FC-BFEE1FCA70E8} - System32\Tasks\{591A1263-B969-4D9C-9D44-F135AAF3919F} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\AVI to DVD Converter\Uninstall.exe"
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0791bc7afe311.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d08f36ff8454c7.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0bf82c13d83bc.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0e2f75b5b3dbf.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0f0aa35a8cc3e.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
    AlternateDataStreams: C:\ProgramData\Temp:8927A071
    Hosts:
    EmptyTemp:
    End

Re: PC check

Posted: 15 Oct 2015 18:42
by K.O.
1. Thanks for the reminder, I completely forgot about that one :-)

2. sosopa.exe - it has been renamed :-) (it is a keylogger)

fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by Marek (2015-10-15 19:35:28) Run:1
Running from C:\Users\Marek\Desktop
Loaded Profiles: Marek (Available Profiles: Marek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beja.vbs
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Facebook Update] => C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-22] (Facebook Inc.)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Google Update] => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [Dropbox Update] => C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-25] (Dropbox, Inc.)
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\Run: [beja] => wscript.exe //B "C:\Users\Marek\AppData\Local\Temp\beja.vbs" <===== ATTENTION
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {14fa8d7b-ffa0-11e4-befc-a0481c0b54dd} - "F:\setup.exe"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {1e7b9674-34fc-11e4-bea5-a0481c0b54dd} - "F:\Setup.exe"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {3dc6cd56-aecb-11e4-bed1-a0481c0b54dd} - "G:\setup.exe"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {3dc6cd8d-aecb-11e4-bed1-a0481c0b54dd} - "G:\setup.exe"
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\...\MountPoints2: {58eeca03-4d9e-11e5-bf29-a0481c0b54dd} - "F:\setup.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beja.vbs [2015-10-08] ()
2015-09-27 17:54 - 2015-10-15 03:19 - 00003756 _____ C:\WINDOWS\System32\Tasks\AutoKMS
Task: {722B01DD-411F-4F82-9B09-07CBBCFC71D8} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-08-31] ()
Task: {A6F6CD3E-AE38-4DEB-B7FC-BFEE1FCA70E8} - System32\Tasks\{591A1263-B969-4D9C-9D44-F135AAF3919F} => pcalua.exe -a "C:\Program Files (x86)\Xilisoft\AVI to DVD Converter\Uninstall.exe"
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0791bc7afe311.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d08f36ff8454c7.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0bf82c13d83bc.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0e2f75b5b3dbf.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0f0aa35a8cc3e.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:8927A071
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beja.vbs ========================

File not signed
MD5: 471D9E7528E16FEB829406538F1A6CEC
Creation and modification date: 2015-10-08 18:03 - 2015-10-08 17:11
Size: 0045269
Attributes: --ASH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value removed successfully
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Dropbox Update => value removed successfully
HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\Software\Microsoft\Windows\CurrentVersion\Run\\beja => value removed successfully
"HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14fa8d7b-ffa0-11e4-befc-a0481c0b54dd}" => key removed successfully
HKCR\CLSID\{14fa8d7b-ffa0-11e4-befc-a0481c0b54dd} => key not found.
"HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e7b9674-34fc-11e4-bea5-a0481c0b54dd}" => key removed successfully
HKCR\CLSID\{1e7b9674-34fc-11e4-bea5-a0481c0b54dd} => key not found.
"HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dc6cd56-aecb-11e4-bed1-a0481c0b54dd}" => key removed successfully
HKCR\CLSID\{3dc6cd56-aecb-11e4-bed1-a0481c0b54dd} => key not found.
"HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3dc6cd8d-aecb-11e4-bed1-a0481c0b54dd}" => key removed successfully
HKCR\CLSID\{3dc6cd8d-aecb-11e4-bed1-a0481c0b54dd} => key not found.
"HKU\S-1-5-21-3667591875-3836627966-1938915227-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58eeca03-4d9e-11e5-bf29-a0481c0b54dd}" => key removed successfully
HKCR\CLSID\{58eeca03-4d9e-11e5-bf29-a0481c0b54dd} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beja.vbs => moved successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{722B01DD-411F-4F82-9B09-07CBBCFC71D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{722B01DD-411F-4F82-9B09-07CBBCFC71D8}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6F6CD3E-AE38-4DEB-B7FC-BFEE1FCA70E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6F6CD3E-AE38-4DEB-B7FC-BFEE1FCA70E8}" => key removed successfully
C:\WINDOWS\System32\Tasks\{591A1263-B969-4D9C-9D44-F135AAF3919F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{591A1263-B969-4D9C-9D44-F135AAF3919F}" => key removed successfully
C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => moved successfully
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0791bc7afe311.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d08f36ff8454c7.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0bf82c13d83bc.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0e2f75b5b3dbf.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3667591875-3836627966-1938915227-1002Core1d0f0aa35a8cc3e.job => moved successfully
C:\ProgramData\Temp => ":8927A071" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:36:49 ====

Re: PC check

Posted: 15 Oct 2015 19:34
by altrok
I hope you know what you are doing with that keylogger...
And if there are no questions or other problems, that is all from me.

Re: PC check

Posted: 16 Oct 2015 18:01
by K.O.
Well, nothing lately :) and thank you very much :)

Re: PC check

Posted: 16 Oct 2015 18:46
by altrok
You're welcome, glad I could help :worship:

Take care, and maybe see you again sometime :bye: