
Not sure if it's a virus

pepinojablo
Visitor
Posts: 41
Registered: 11 Jan 2010 23:10

Not sure if it's a virus

#1 Post by pepinojablo »

Good day, I have been struggling with this for a few days now. Suddenly it reports that I have an illegal Windows, even though I have a legal one. Yes, I found a crack, so it runs for me, but now my sound card does not work. I have a problem: my DVD drive does not work and I have tried just about everything I could. I would be very grateful for advice.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Not sure if it's a virus

#2 Post by Márty84 »

Greetings :)

Since fortune-telling from a crystal ball is still only in testing mode here, please post a log from RSIT (or RSITx64) first: http://forum.viry.cz/viewtopic.php?f=13&t=130786
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

pepinojablo
Visitor
Posts: 41
Registered: 11 Jan 2010 23:10

Re: Not sure if it's a virus

#3 Post by pepinojablo »

Logfile of random's system information tool 1.10 (written by random/random)
Run by pepa at 2015-01-09 18:09:57
WIN_7
System drive C: has 190 MB (0%) free of 82 GB
Total RAM: 2816 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:09:58, on 9.1.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Downloads\Software\RSIT.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\pepa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.daum.net/search?nil_profi ... de=ms&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
O2 - BHO: (no name) - {036451d5-97b6-4882-a0cb-0f3b6de4df8d} - (no file)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1000\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video FDM - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {537675de-6231-4c94-a204-c14207cd8f6f} - (no file)
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: HauppaugeTVServer - Unknown owner - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 8266 bytes

======Scheduled tasks folder======

C:\Windows\tasks\ABSIIDH.job - C:\Users\pepa\AppData\Roaming\ABSIIDH.exe /infocmdline=uNIw/7i1VEd6w19X60Cn5tbfb9zsX2wawie/oFV3lk2btelWDPPHRXW+uBLX+h9L3H0+BMBgXOiRz5amer1CKhD/KGI0nXWYIyOXIaf/Kv3/Ou4ZQlL8XFuPoK3SpkCe4bwD3tAI4JKFJS+4YXTmMBWZcWofdCCv02AnIRB7Hzo99ALzIXM2TKkuccF3tV2NB3X711QyDnJTXN9fE7W1u4H8bCekkjZZ3+62Aj72x02fuJQfsJz/knlIG+Xfig+EYvdQbMcT3vaFpThHn43+9E4RKDb8Wf5jul5vAKCv90k7lcwqqXI2G4GJ9Tc6Yms/QSPwp39bTaFnuzy3ctsKo2/gWuGoHxDRMmrd4oxlmlNU1/hhsrW3LleiqfSX/IPu1tUfrHI0fw49uXIpGIr3zqnTaYH2r8jsW3d9ByLN6ZLfxIAxlpahgRFG2Z/A5SdZmK63OWAWhCN5LUKa+YfStLXm7kF5uZCL3i6USOca5TnigVx5UOFBzHclze4gt8jp
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\BFF.job - C:\Users\pepa\AppData\Roaming\BFF.exe /infocmdline=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
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3212254682-2827306355-880076791-1000Core.job - C:\Users\pepa\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3212254682-2827306355-880076791-1000UA.job - C:\Users\pepa\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GUYGPP.job - C:\Users\pepa\AppData\Roaming\GUYGPP.exe /infocmdline=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
C:\Windows\tasks\LRLWM.job - C:\Users\pepa\AppData\Roaming\LRLWM.exe /infocmdline=wm03ALV1mgPGbfWDk7WN9CtQ7lk6hyyCqSa2jViRvisqMSXd3zDZD4Md0s41I06qL8v49OLYi0+kyxgGFkzQKxNOBmsuvAnKmOz4mNEDzuEHZppt4qgPymQ1aefIsL8zwuOyH9PFWRwShloQMjTC9gidAFI/EGDe0H7n/8RvyfthwFgzYz+3OKIwYsF5oZ19whQVJJUgiawpAPSDHURiRBfCgUhTpxAbe8pxXqTYX7jWBgTgDoKMrvtFRtQv2rChO18+0k/K4yBwXqpKfKCEmeH4Xex1MSNKnAfqhny8t7lA4IVPVdczBzMSZgpS/4VOriLRXPuszeiYNtBQiWUo3hfzBDjhvz1FEzvUNIu/NxJpOwyBpbhK0ifIcUBjl9J2acDzh2VA7yhfJj81tf5U+ex9M1cCmPk2affEL7oscOjKvLfWSgd4ByQZAaXFsesr10bwNDD+8dQYyNI0vuRvNunzJg6Xp4KRBgwSZI0Wmxn9MvyBmeixQbaGEfx8vgM1
C:\Windows\tasks\Open Chrome.job - c:\program files (x86)\Google\Chrome\Application\chrome.exe --new-window
C:\Windows\tasks\ReclaimerUpdateFiles_pepa.job - C:\Users\pepa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /UpdateFiles
C:\Windows\tasks\ReclaimerUpdateXML_pepa.job - C:\Users\pepa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /UpdateXML
C:\Windows\tasks\RG.job - C:\Users\pepa\AppData\Roaming\RG.exe /infocmdline=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
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_pepa.job - C:\Users\pepa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /prompt os_boot
C:\Windows\tasks\SmartDefrag.job - C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe /Schedule
C:\Windows\tasks\UQUIIBY.job - C:\Users\pepa\AppData\Roaming\UQUIIBY.exe /infocmdline=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

=========Mozilla firefox=========

ProfilePath - C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "https://mysearch.avg.com?cid={62906999- ... 2014-09-06 11:42:27&v=18.1.9.786&pid=safeguard&sg=&sap=hp"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, fdm_ffext@freedownloadmanager.org:1.6.0.6, radiobar@toolbar:1.0.0, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2, videosurf_enhanced@videosurf.com:0.79, {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1, 50d25b3645cef@50d25b3645d29.com:2, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {f65af8e3-60ed-4a06-9699-c361e87a3f01}:2.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"
prefs.js - "keyword.URL" - ""

"50d25b3645cef@50d25b3645d29.com"=C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\50d25b3645cef@50d25b3645d29.com


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669]
"Description"=12.0.1.669
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.10]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browser.xpt
browsercomps.dll
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsjsrealplayerplugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
npnul32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\
50d25b3645cef@50d25b3645d29.com
radiobar@toolbar
videosurf_enhanced@videosurf.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\
firmycz.xml
inbox-hledn.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{036451d5-97b6-4882-a0cb-0f3b6de4df8d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2011-01-28 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-10-25 365056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-15 171944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"msacm.lhacm"=lhacm.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux5"=wdmaud.drv
"wave7"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-09 07:44:04 ----A---- C:\Windows\ntbtlog.txt
2015-01-08 20:30:50 ----D---- C:\Program Files (x86)\DriverGuide Toolkit
2015-01-08 18:35:58 ----D---- C:\Windows\SysWOW64\Hotspot Shield
2015-01-08 09:18:43 ----D---- C:\Users\pepa\AppData\Roaming\QuickScan
2015-01-08 09:15:25 ----D---- C:\Program Files (x86)\globalUpdate
2015-01-08 09:14:07 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2015-01-07 13:42:36 ----A---- C:\Windows\SysWOW64\Uninstal.exe
2015-01-07 13:29:12 ----D---- C:\Windows Activation Technologies
2015-01-07 11:24:20 ----A---- C:\Windows\SysWOW64\slmgr.vbs
2015-01-07 10:54:59 ----D---- C:\Windows\loader
2015-01-06 16:04:55 ----D---- C:\Users\pepa\AppData\Roaming\Faceless LLC
2015-01-06 14:40:51 ----D---- C:\ProgramData\Hotspot Shield
2015-01-06 14:40:38 ----D---- C:\Program Files (x86)\Hotspot Shield
2015-01-06 14:40:29 ----D---- C:\Users\pepa\AppData\Roaming\Hotspot Shield
2014-12-28 14:03:05 ----D---- C:\Program Files (x86)\34ab7eed-c1e3-43d9-8752-ff134add5231
2014-12-28 14:01:29 ----D---- C:\Program Files (x86)\Doctor PC
2014-12-28 14:00:44 ----D---- C:\Program Files (x86)\doctorpclab.com
2014-12-27 10:50:08 ----D---- C:\Users\pepa\AppData\Roaming\Softplicity

======List of files/folders modified in the last 1 month======

2015-01-09 18:08:07 ----D---- C:\Users\pepa\AppData\Roaming\Skype
2015-01-09 14:34:11 ----D---- C:\Users\pepa\AppData\Roaming\Seznam.cz
2015-01-09 07:44:04 ----AD---- C:\Windows
2015-01-09 07:39:36 ----D---- C:\Windows\ERUNT
2015-01-09 07:39:31 ----RD---- C:\Program Files (x86)
2015-01-09 07:39:30 ----D---- C:\Windows\Temp
2015-01-09 07:39:30 ----D---- C:\Windows\Tasks
2015-01-09 07:39:30 ----D---- C:\Windows\SysWOW64
2015-01-09 02:23:08 ----HD---- C:\Program Files (x86)\Temp
2015-01-08 20:35:40 ----D---- C:\Downloads
2015-01-08 18:37:18 ----D---- C:\Windows\System32
2015-01-08 18:35:02 ----D---- C:\DriveKey
2015-01-08 18:30:46 ----RD---- C:\Program Files
2015-01-08 11:11:20 ----D---- C:\Windows\pss
2015-01-08 09:15:41 ----D---- C:\Program Files (x86)\3D Live Pool
2015-01-08 03:43:40 ----D---- C:\Windows\Prefetch
2015-01-07 10:18:48 ----D---- C:\Windows\SysWOW64\cs-CZ
2015-01-07 08:49:24 ----SHD---- C:\System Volume Information
2015-01-07 08:29:34 ----D---- C:\Program Files (x86)\Opera
2015-01-07 06:24:12 ----D---- C:\Users\pepa\AppData\Roaming\DownloadNinja
2015-01-07 00:22:06 ----SHD---- C:\Windows\Installer
2015-01-07 00:21:39 ----D---- C:\ProgramData\ConMet
2015-01-07 00:20:06 ----D---- C:\Users\pepa\AppData\Roaming\ConMet
2015-01-06 16:28:43 ----D---- C:\Windows\Microsoft.NET
2015-01-06 15:33:29 ----D---- C:\Windows\inf
2015-01-06 15:13:24 ----D---- C:\ProgramData\Package Cache
2015-01-06 15:06:16 ----D---- C:\Windows\SysWOW64\en-US
2015-01-06 14:40:51 ----AHD---- C:\ProgramData
2015-01-04 14:26:04 ----SHD---- C:\Windows\SysWOW64\AI_RecycleBin
2015-01-04 14:26:00 ----RSD---- C:\Windows\assembly
2015-01-02 03:47:41 ----D---- C:\Users\pepa\AppData\Roaming\vlc
2015-01-01 18:49:42 ----D---- C:\Users\pepa\AppData\Roaming\dvdcss
2014-12-29 13:09:00 ----D---- C:\Users\pepa\AppData\Roaming\TS3Client
2014-12-28 21:55:58 ----D---- C:\AdwCleaner
2014-12-28 19:13:35 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 14:03:20 ----D---- C:\Program Files (x86)\3D Online Pool
2014-12-28 13:47:31 ----D---- C:\Program Files (x86)\Seznam.cz
2014-12-23 18:33:57 ----D---- C:\Users\pepa\AppData\Roaming\TeamViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys []
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys []
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R0 timounter;Seagate DiscWizard Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys []
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2013-06-12 87472]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SCDEmu;SCDEmu; C:\Windows\SysWOW64\drivers\SCDEmu.sys []
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys []
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys []
R2 tifsfilter;Seagate DiscWizard FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys []
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys []
R3 Ph3xIB64;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys []
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys []
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys []
R3 tapSF0901;Spotflux Virtual Network Device Driver; C:\Windows\system32\DRIVERS\tapSF0901.sys []
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 []
S3 connctfy;Connectify Service; C:\Windows\system32\DRIVERS\connctfy.sys []
S3 connctfyMP;connctfyMP; C:\Windows\system32\DRIVERS\connctfy.sys []
S3 cpuz136;cpuz136; \??\C:\Users\pepa\AppData\Local\Temp\cpuz136\cpuz136_x64.sys []
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2014-09-07 21712]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~2\DScaler\DSDrv4.sys [2005-12-18 8801]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 FlyPCI;FlyPCI; \??\C:\Windows\system32\drivers\FlyPCI.sys [2003-10-10 4134]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Classic\safedrv.sys []
S3 GPU-Z;GPU-Z; \??\C:\Users\pepa\AppData\Local\Temp\GPU-Z.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys []
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys []
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys []
S3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys []
S3 WISOVD;WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2014-09-11 935208]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2014-05-16 430344]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-06-29 66872]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe []
S2 astcc;AST Service; C:\Windows\system32\AstSrv.exe [2008-05-27 45056]
S2 HauppaugeTVServer;HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe []
S2 MySQL;MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini MySQL []
S2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2013-10-29 571392]
S2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe []
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-09-13 172344]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 267440]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S4 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S4 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Faceless;Faceless; C:\Users\pepa\AppData\Roaming\Faceless LLC\Faceless Internet Connection\FacelessService.exe [2012-12-07 109552]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-24 654848]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2014-05-17 78512]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2013-10-10 1851008]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S4 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S4 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S4 SpotfluxConnectionManager;Spotflux Connection Manager; C:\Program Files\Spotflux\services\SpotfluxConnectionManager.exe [2014-03-07 73216]
S4 SpotfluxUpdateService;Spotflux Update Service; C:\Program Files\Spotflux\services\SpotfluxUpdateService.exe [2014-03-07 20480]
S4 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
S4 tvnserver;TightVNC Server; C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 VeNCrypt;VeNCrypt; C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe [2006-12-11 886312]
S4 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

Márty84
VIP
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: not sure if it's a virus

#4 Post by Márty84 »

You have a 64-bit system. So I need a log from RSITx64 http://images.malwareremoval.com/random/RSITx64.exe

pepinojablo
Visitor
Visitor
Posts: 41
Joined: 11 Jan 2010 23:10

Re: not sure if it's a virus

#5 Post by pepinojablo »

Logfile of random's system information tool 1.10 (written by random/random)
Run by pepa at 2015-01-09 19:18:41
WIN_7
System drive C: has 182 MB (0%) free of 82 GB
Total RAM: 2816 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:18:41, on 9.1.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\pepa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.daum.net/search?nil_profi ... de=ms&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
O2 - BHO: (no name) - {036451d5-97b6-4882-a0cb-0f3b6de4df8d} - (no file)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3212254682-2827306355-880076791-1000\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video FDM - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {537675de-6231-4c94-a204-c14207cd8f6f} - (no file)
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1902284B-32DE-48D2-B015-C6172693EA55}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\AstSrv.exe
O23 - Service: HauppaugeTVServer - Unknown owner - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--
End of file - 8267 bytes

======Listing Processes======


======Scheduled tasks folder======

C:\Windows\tasks\ABSIIDH.job - C:\Users\pepa\AppData\Roaming\ABSIIDH.exe /infocmdline=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
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\BFF.job - C:\Users\pepa\AppData\Roaming\BFF.exe /infocmdline=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
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3212254682-2827306355-880076791-1000Core.job - C:\Users\pepa\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3212254682-2827306355-880076791-1000UA.job - C:\Users\pepa\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GUYGPP.job - C:\Users\pepa\AppData\Roaming\GUYGPP.exe /infocmdline=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
C:\Windows\tasks\LRLWM.job - C:\Users\pepa\AppData\Roaming\LRLWM.exe /infocmdline=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
C:\Windows\tasks\Open Chrome.job - c:\program files (x86)\Google\Chrome\Application\chrome.exe --new-window
C:\Windows\tasks\ReclaimerUpdateFiles_pepa.job - C:\Users\pepa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /UpdateFiles
C:\Windows\tasks\ReclaimerUpdateXML_pepa.job - C:\Users\pepa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /UpdateXML
C:\Windows\tasks\RG.job - C:\Users\pepa\AppData\Roaming\RG.exe /infocmdline=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
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_pepa.job - C:\Users\pepa\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe /prompt os_boot
C:\Windows\tasks\SmartDefrag.job - C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe /Schedule
C:\Windows\tasks\UQUIIBY.job - C:\Users\pepa\AppData\Roaming\UQUIIBY.exe /infocmdline=xK0X+CCG7i16utjdLZzrf6W4DyTUt4bYhPv0eEbOB619ayPNGlupIVJ0Pq2Mh7LtxiRVaafSrKt1H9WmKPKC20BNDaze03LXZTdf5QgBJF7AZJ0Ov7xzottGhr2NrDrN2Jv4Kzff6g2puW2z6gUvicReYug+ElyX814D7EfPdyKMPNMIdCOGvF/d/Cy1jdaq1M4sGWttDW3R/2uXPpk2Tm1OnKMWEtQsbj8h9SN7wIh9GxxBWqmizcyDBcWb+1s1m1MJTE7o9ax0ak6rYfL4go1sAFVGwMTItu7chRFUelcwbLBOXg/jUM4TKDKMxFOP+ZGOtKJlwXZme1BT00+jHIx9Lb6tEiabZydB7lzlegcF4T6iik3AOWTIYO+Eljt9Q1MRrCCinOVoRYSlhf0xZk5wX0PfJUsxdyBgmTW1pJTeSbQ3paUtKm4O3C+GYuD5yx3t1ZSshBRf/eNHA3wk+/WMef6rXwkw8i7M85iYXqcT1djOSwmsy8sstEdhyGKsqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=

=========Mozilla firefox=========

ProfilePath - C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "https://mysearch.avg.com?cid={62906999- ... 2014-09-06 11:42:27&v=18.1.9.786&pid=safeguard&sg=&sap=hp"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, fdm_ffext@freedownloadmanager.org:1.6.0.6, radiobar@toolbar:1.0.0, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.03, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2, videosurf_enhanced@videosurf.com:0.79, {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1, 50d25b3645cef@50d25b3645d29.com:2, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01, {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3, {f65af8e3-60ed-4a06-9699-c361e87a3f01}:2.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"
prefs.js - "keyword.URL" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0]
"Description"=DivX Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669]
"Description"=12.0.1.669
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.0]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.10]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browser.xpt
browsercomps.dll
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsjsrealplayerplugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
npnul32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\extensions\
50d25b3645cef@50d25b3645d29.com
radiobar@toolbar
videosurf_enhanced@videosurf.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
{e968fc70-8f95-4ab9-9e79-304de2a71ee1}

C:\Users\pepa\AppData\Roaming\Mozilla\Firefox\Profiles\tnoas01y.default\searchplugins\
firmycz.xml
inbox-hledn.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{036451d5-97b6-4882-a0cb-0f3b6de4df8d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2011-01-28 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-10-25 365056]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-15 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
!{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
!{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
!{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7]
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
C:\Program Files (x86)\Hotspot Shield\AnchorFree\ctrl\AFController.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Users\pepa\AppData\Local\Akamai\netsession_win.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackgroundContainer]
C:\Windows\SysWOW64\Rundll32.exe [2009-07-14 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10 Interface]
C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe [2010-09-23 3154432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMet]
C:\Program Files (x86)\ConMet\ConMet.exe [2013-03-07 4483584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
C:\Program Files\CyberGhost 5\CyberGhost.EXE /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\pepa\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\pepa\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [2013-08-21 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-29 1861968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\download.ninja]
C:\Program Files\Download Ninja\download.ninja.exe [2014-09-04 4953408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Pro]
C:\Program Files (x86)\Driver Pro\DPLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Program Files (x86)\DU Meter\DUMeter.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DudeServer]
C:\Program Files (x86)\Dude\dude.exe [2009-12-11 4100096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eaecaaddecdesacfsfdsf]
C:\ProgramData\eaecaaddecdesacfsfdsf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fac3a330c25dcfbadc8be882954dbae4]
C:\Users\pepa\AppData\Roaming\winsys.exe .. []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\pepa\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-10 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files (x86)\Free Download Manager\fdm.exe [2013-10-25 6950400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
C:\Program Files (x86)\Freecorder\FLVSrvc.exe /run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2014-10-21 22869088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InboxToolbar]
C:\Program Files (x86)\Inbox Toolbar\Inbox.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2010\qip.exe /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPAnonymizer]
C:\Program Files (x86)\IP Anonymizer\IP Anonymizer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestation]
C:\Program Files (x86)\Livestation\Livestation.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncuwwdSrv]
C:\Windows\system32\mncuwwd.vbe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mncxyauySrv]
C:\Windows\inf\mncxyauy.vbe [2014-01-19 1342]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon]
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msokrmiSrv]
C:\Windows\inf\msokrmi.vbe [2013-08-27 1558]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETGEARGenie]
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe -mini -redirect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
C:\Program Files\NetLimiter 3\NLClientApp.exe [2013-10-10 2915968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netmon.exe]
C:\Program Files (x86)\netmon\netmon.exe [2006-10-24 5279232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetSoftware]
C:\Program Files\NetSoftware\Starter.exe [2014-03-20 218112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files (x86)\Zrychleni Pocitace\PCSUNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProgLauncher]
C:\Program Files (x86)\ProgDVB\ProgLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\pepa\AppData\Roaming\QipGuard\QipGuard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDP]
C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtect]
C:\Users\pepa\AppData\Roaming\SearchProtect\bin\cltmng.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchProtectAll]
C:\Program Files (x86)\SearchProtect\bin\cltmng.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spotflux]
C:\Program Files\Spotflux\services\SpotfluxAgent.exe [2014-03-07 258560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe /autoclean []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyEmergency]
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwvUpdtr]
C:\Users\pepa\AppData\Local\1565\Updater.exe /reg []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2011-11-08 273528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torntv Downloader]
C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol]
C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop]
C:\Users\pepa\AppData\Roaming\Yontoo\YontooDesktop.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\Program Files\GamePark2\gpcl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run VeNCrypt Listening Viewer.lnk]
C:\PROGRA~2\VENCRY~1.6\VENCVI~1.EXE [2006-12-11 730664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk]
C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^..lnk]
C:\Windows\System32\cpu.vbs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fac3a330c25dcfbadc8be882954dbae4.exe]
C:\Users\pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fac3a330c25dcfbadc8be882954dbae4.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Oxy.lnk]
C:\Users\pepa\AppData\Local\Oxy\Application\bin\start.cmd []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin.LNK]
C:\PROGRA~2\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2008-02-22 967304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^win sys.exe]
C:\Users\pepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win sys.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^pepa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\Program Files (x86)\Xfire\Xfire.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave5"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux5"=wdmaud.drv
"wave7"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv
"wave8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-09 07:44:04 ----A---- C:\Windows\ntbtlog.txt
2015-01-08 20:30:50 ----D---- C:\Program Files (x86)\DriverGuide Toolkit
2015-01-08 18:37:18 ----D---- C:\Windows\system32\logs
2015-01-08 18:35:58 ----D---- C:\Windows\SYSWOW64\Hotspot Shield
2015-01-08 18:30:46 ----D---- C:\Program Files\KMSpico
2015-01-08 09:18:43 ----D---- C:\Users\pepa\AppData\Roaming\QuickScan
2015-01-08 09:15:25 ----D---- C:\Program Files (x86)\globalUpdate
2015-01-08 09:14:07 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2015-01-07 13:42:36 ----A---- C:\Windows\SYSWOW64\Uninstal.exe
2015-01-07 13:29:12 ----D---- C:\Windows Activation Technologies
2015-01-07 11:24:20 ----A---- C:\Windows\SYSWOW64\slmgr.vbs
2015-01-07 10:54:59 ----D---- C:\Windows\loader
2015-01-07 10:18:44 ----A---- C:\Windows\system32\systemcplx64.dll
2015-01-07 10:18:44 ----A---- C:\Windows\system32\slwga.dll
2015-01-07 10:06:48 ----A---- C:\Windows\system32\slmgr.vbs
2015-01-06 16:04:55 ----D---- C:\Users\pepa\AppData\Roaming\Faceless LLC
2015-01-06 15:32:25 ----D---- C:\Program Files\TAP-Windows
2015-01-06 15:31:41 ----D---- C:\Program Files\CyberGhost 5
2015-01-06 14:43:35 ----A---- C:\Windows\system32\drivers\hssdrv6.sys
2015-01-06 14:40:51 ----D---- C:\ProgramData\Hotspot Shield
2015-01-06 14:40:38 ----D---- C:\Program Files (x86)\Hotspot Shield
2015-01-06 14:40:29 ----D---- C:\Users\pepa\AppData\Roaming\Hotspot Shield
2015-01-04 14:24:56 ----D---- C:\Program Files\NetLimiter 3
2014-12-28 14:03:05 ----D---- C:\Program Files (x86)\34ab7eed-c1e3-43d9-8752-ff134add5231
2014-12-28 14:01:29 ----D---- C:\Program Files (x86)\Doctor PC
2014-12-28 14:00:44 ----D---- C:\Program Files (x86)\doctorpclab.com
2014-12-27 10:50:08 ----D---- C:\Users\pepa\AppData\Roaming\Softplicity

======List of files/folders modified in the last 1 month======

2015-01-09 19:07:27 ----D---- C:\Users\pepa\AppData\Roaming\Skype
2015-01-09 18:42:29 ----D---- C:\Windows\Temp
2015-01-09 18:10:00 ----D---- C:\rsit
2015-01-09 14:34:11 ----D---- C:\Users\pepa\AppData\Roaming\Seznam.cz
2015-01-09 08:00:45 ----D---- C:\Program Files\SUPERAntiSpyware
2015-01-09 07:44:04 ----AD---- C:\Windows
2015-01-09 07:43:59 ----D---- C:\Windows\system32\drivers
2015-01-09 07:43:59 ----D---- C:\Windows\ERUNT
2015-01-09 07:39:31 ----RD---- C:\Program Files (x86)
2015-01-09 07:39:30 ----D---- C:\Windows\Tasks
2015-01-09 07:39:30 ----D---- C:\Windows\SysWOW64
2015-01-09 02:23:08 ----HD---- C:\Program Files (x86)\Temp
2015-01-08 20:35:40 ----D---- C:\Downloads
2015-01-08 18:37:18 ----D---- C:\Windows\System32
2015-01-08 18:35:02 ----D---- C:\DriveKey
2015-01-08 18:30:46 ----RD---- C:\Program Files
2015-01-08 11:11:20 ----D---- C:\Windows\pss
2015-01-08 09:15:41 ----D---- C:\Program Files (x86)\3D Live Pool
2015-01-08 03:43:40 ----D---- C:\Windows\Prefetch
2015-01-07 10:18:48 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-01-07 10:18:48 ----D---- C:\Windows\system32\cs-CZ
2015-01-07 10:12:23 ----D---- C:\Windows\system32\drivers\etc
2015-01-07 08:49:24 ----SHD---- C:\System Volume Information
2015-01-07 08:29:34 ----D---- C:\Program Files (x86)\Opera
2015-01-07 06:24:12 ----D---- C:\Users\pepa\AppData\Roaming\DownloadNinja
2015-01-07 00:25:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-07 00:22:06 ----SHD---- C:\Windows\Installer
2015-01-07 00:21:39 ----D---- C:\ProgramData\ConMet
2015-01-07 00:20:06 ----D---- C:\Users\pepa\AppData\Roaming\ConMet
2015-01-06 16:28:43 ----D---- C:\Windows\Microsoft.NET
2015-01-06 15:33:29 ----D---- C:\Windows\inf
2015-01-06 15:33:28 ----D---- C:\Windows\system32\catroot
2015-01-06 15:33:26 ----D---- C:\Windows\system32\DriverStore
2015-01-06 15:13:24 ----D---- C:\ProgramData\Package Cache
2015-01-06 15:06:16 ----D---- C:\Windows\SYSWOW64\en-US
2015-01-06 15:06:16 ----D---- C:\Windows\system32\en-US
2015-01-06 14:43:54 ----D---- C:\Windows\system32\catroot2
2015-01-06 14:40:51 ----AHD---- C:\ProgramData
2015-01-06 04:56:13 ----D---- C:\Windows\system32\config
2015-01-04 14:26:04 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2015-01-04 14:26:00 ----RSD---- C:\Windows\assembly
2015-01-02 03:47:41 ----D---- C:\Users\pepa\AppData\Roaming\vlc
2015-01-01 18:49:42 ----D---- C:\Users\pepa\AppData\Roaming\dvdcss
2014-12-29 13:09:00 ----D---- C:\Users\pepa\AppData\Roaming\TS3Client
2014-12-28 21:55:58 ----D---- C:\AdwCleaner
2014-12-28 19:40:08 ----D---- C:\Windows\system32\Tasks
2014-12-28 19:13:35 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 14:03:20 ----D---- C:\Program Files (x86)\3D Online Pool
2014-12-28 13:47:31 ----D---- C:\Program Files (x86)\Seznam.cz
2014-12-23 18:33:57 ----D---- C:\Users\pepa\AppData\Roaming\TeamViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2009-08-04 241696]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-10-03 564824]
R0 timounter;Seagate DiscWizard Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2013-06-08 711712]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-10-03 283064]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2014-05-17 44744]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2013-06-12 87472]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-07-08 231376]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 tifsfilter;Seagate DiscWizard FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2013-06-08 81952]
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2013-06-12 32688]
R3 Ph3xIB64;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2014-05-17 42184]
R3 tapSF0901;Spotflux Virtual Network Device Driver; C:\Windows\system32\DRIVERS\tapSF0901.sys [2014-03-07 39104]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 []
S3 connctfy;Connectify Service; C:\Windows\system32\DRIVERS\connctfy.sys []
S3 connctfyMP;connctfyMP; C:\Windows\system32\DRIVERS\connctfy.sys []
S3 cpuz136;cpuz136; \??\C:\Users\pepa\AppData\Local\Temp\cpuz136\cpuz136_x64.sys []
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2014-09-07 21712]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~2\DScaler\DSDrv4.sys [2005-12-18 8801]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 FlyPCI;FlyPCI; \??\C:\Windows\system32\drivers\FlyPCI.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Classic\safedrv.sys []
S3 GPU-Z;GPU-Z; \??\C:\Users\pepa\AppData\Local\Temp\GPU-Z.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2013-06-12 32688]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-10-29 250984]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2009-11-25 38992]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-09-22 37888]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 35112]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-07-15 142528]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2012-05-29 4608]
S3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 40448]
S3 WISOVD;WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 hshld;Hotspot Shield Service; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2014-09-11 935208]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2014-05-16 430344]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-06-29 66872]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe []
S2 astcc;AST Service; C:\Windows\syswow64\AstSrv.exe [2008-05-27 45056]
S2 HauppaugeTVServer;HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe []
S2 MySQL;MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files (x86)\MySQL\MySQL Server 5.1\my.ini MySQL []
S2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2013-10-29 571392]
S2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe []
S4 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-09-13 172344]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 267440]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S4 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S4 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 Faceless;Faceless; C:\Users\pepa\AppData\Roaming\Faceless LLC\Faceless Internet Connection\FacelessService.exe [2012-12-07 109552]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-24 654848]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [2014-05-17 78512]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2013-10-10 1851008]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1640768]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S4 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S4 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S4 SpotfluxConnectionManager;Spotflux Connection Manager; C:\Program Files\Spotflux\services\SpotfluxConnectionManager.exe [2014-03-07 73216]
S4 SpotfluxUpdateService;Spotflux Update Service; C:\Program Files\Spotflux\services\SpotfluxUpdateService.exe [2014-03-07 20480]
S4 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
S4 tvnserver;TightVNC Server; C:\Program Files\TightVNC\tvnserver.exe [2013-07-19 2179056]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 VeNCrypt;VeNCrypt; C:\Program Files (x86)\VeNCrypt-0.2.6\vencserver.exe [2006-12-11 886312]
S4 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: not sure if it's a virus

#6 Post by Márty84 »

Good grief, this makes me want to :sicksmiley:

I hope you have your data backed up :boxed:


:arrow: Run a scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Don't delete anything beforehand; it sometimes produces false detections.

pepinojablo
Visitor
Posts: 41
Registered: 11 Jan 2010 23:10

Re: not sure if it's a virus

#7 Post by pepinojablo »

Don't throw up :D I know, the computer is a mess. I have a backup, and I've run MBAM over it; my only problem is that the drive doesn't work and I don't have a flash drive to reinstall Windows with, so I need to get it fixed.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: not sure if it's a virus

#8 Post by Márty84 »

I need to see its log so that I know what it found and where, and based on that I'll choose the right tool for further cleaning.

pepinojablo
Visitor
Posts: 41
Registered: 11 Jan 2010 23:10

Re: not sure if it's a virus

#9 Post by pepinojablo »

Which log?

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: not sure if it's a virus

#10 Post by Márty84 »

From MBAM

pepinojablo
Visitor
Posts: 41
Registered: 11 Jan 2010 23:10

Re: not sure if it's a virus

#11 Post by pepinojablo »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 9.1.2015
Čas skenování: 20:09:28
Protokol: mbam.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.01.09.15
Databáze rootkitů: v2015.01.07.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7
CPU: x64
Souborový systém: NTFS
Uživatel: pepa

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 386731
Uplynulý čas: 24 min, 57 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 0
(Žádné zákerné zjištěny položek)

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 0
(Žádné zákerné zjištěny položek)

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: not sure if it's a virus

#12 Post by Márty84 »

Now also run the scan according to that guide, i.e. a custom scan of all drives. This was only a threat scan, which doesn't check the whole computer.

15.2. for inactivity :lock: http://forum.viry.cz/viewtopic.php?f=12&t=123975

Locked