Zbavení se browser hijackaru / dalšího adware

[R4D]

Prosím o kontrolu logu, před pár týdny jsem chytl browser hijacker FindIt, který se mi zdánlivě podeřilo odstranit, ovšem nyní jsem ještě kontroloval na další malware, údajně trojan "honic.exe" a po něm se mi FindIt do browseru nějak vrátil: homepage http://search.safefinder.com/?st=hp&q= a hijacknulo to i vyhledávač google. Chtěl bych se veškeré paseky zbavit:

Log z AdwCleaner:

# AdwCleaner v5.030 - Logfile created 20/01/2016 at 20:54:42
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Rad - RAD-PC
# Running from : C:\Users\Rad\Desktop\adwcleaner_5.030.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : caMyciloP

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\findit.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\mtMedlight
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch

***** [ Web browsers ] *****

[-] [C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcgnigmofekcllgbiejhmigggmgehkip

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [2288 bytes] ##########


Děkuji pěkně.

[R4D]

ještě log z rsit, asi to budu mít slušně zapráskané

Logfile of random's system information tool 1.10 (written by random/random)
Run by Rad at 2016-01-20 21:04:53
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 6 GB (1%) free of 954 GB
Total RAM: 4094 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:04:56, on 20.1.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\AIDA64 Extreme Edition v2.70.2200 Final\aida64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\Rad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZcxDh8nvQlNPN-vWc3tbxAZZNgcw9B7Qi5F7cdkF1zk6NIDxxJYCd-EeL22rTR4CoLMTuydOXg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZcxDh8nvQlNPN-vWc3tbxAZZNgcw9B7Qi5F7cdkF1zk6NIDxxJYCd-EeL22rTR4CoLMTuydOXg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZcxDh8nvQlNPN-vWc3tbxAZZNgcw9B7Qi5F7cdkF1zk6NIDxxJYCd-EeL22rTR4CoLMTuydOXg,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qa3VnkubznFCb5Uf1bj3BX2bx9C4LBV6odCX9P1LpAEe-LM_SOq_Vzy01SyTSpqFxIOczP8mT7-6YUgUJUBr24jVl1EpDI,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZcxDh8nvQlNPN-vWc3tbxAZZNgcw9B7Qi5F7cdkF1zk6NIDxxJYCd-EeL22rTR4CoLMTuydOXg,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [HotFolder.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\HotFolder.exe" /AutoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM FLV videa z 10 posledně požadovaných - C:\Program Files (x86)\Internet Download Manager\IEGetVL2.htm
O8 - Extra context menu item: Stáhnout s IDM obsažené FLV video - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ProgramData\caMyciloP\Tonfix.dll
O23 - Service: ABBYY FineReader 11 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.11.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: caMyciloP - Unknown owner - C:\ProgramData\\caMyciloP\\caMyciloP.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Finwarm Service (FinwarmSvc) - Unknown owner - C:\Users\Rad\AppData\Local\Temp\kvhiCx\runner.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hon Controller (honic32) - Unknown owner - C:\Program Files\HonController\honic.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Unafind (prtductad) - Unknown owner - C:\Users\Rad\AppData\Local\Quadtex.exe
O23 - Service: RealtekCU - Realtek Semiconductor Corp. - C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TrueCrypt System Favorites (TrueCryptSystemFavorites) - TrueCrypt Foundation - C:\Windows\SysWOW64\TrueCrypt.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13874 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe" -service
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe"
"C:\Program Files\HonController\honic.exe" /s iid=3671651 did=APSnapdoAMRev sid=3 ref=dbf8c1f3-f73a-0e85-294a-36e3e59902d2-PolicyMac id=e894afe9408df2b45fa176e61590b730275f10c525af0b4106680b587ba60b8e
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
"C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe"
"C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2c6da168-3679-434c-8747-a46fcd24afce -SystemEventPortName:HostProcess-21bc1c38-97e1-4169-9422-9b2bca08b8e9 -IoCancelEventPortName:HostProcess-1024b2fb-26aa-47cf-9e5f-d025470646aa -NonStateChangingEventPortName:HostProcess-06c1b329-988f-4e19-8266-ed3a761ee587 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:694909bd-1754-478c-b9ce-18f02053b880 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe" /autorun
"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\AdwCleaner\AdwCleaner[C4].txt
"C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWlan.exe" /H
taskeng.exe {0FAAD24D-70F6-48D3-90F1-D14B97B2157A}
taskeng.exe {6BAF793A-773E-42D0-BAA5-7A6E61551A44}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\AIDA64 Extreme Edition v2.70.2200 Final\aida64.exe"
C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a
"C:\ProgramData\caMyciloP\caMyciloP.exe" -f "C:\ProgramData\caMyciloP\Unotamstrong.dat" -l -a regname Stpro.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" C:\ProgramData\caMyciloPs\snp.sc
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Rad\Downloads\RSITx64.exe"


======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DriverToolkit Autorun.job - C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe --autorun
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182

prefs.js - "browser.startup.homepage" - "C:\\ProgramData\\caMyciloPs\\ff.HP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.286 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.286 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll
npwachk.dll

C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182\searchplugins\
findit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2013-11-29 451096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-12-09 2323040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2013-11-29 401944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-12-09 1720928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2012-12-24 1516496]
"HotFolder.FR11"=C:\Program Files (x86)\ABBYY FineReader 11\HotFolder.exe [2012-09-20 1419856]
""= []
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2014-02-08 3825232]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-01-04 969104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Bonus.SSR.FR11"=C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [2012-09-20 1348176]
"BtTray"=C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [2013-03-06 428280]
"BrMfcWnd"=C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [2009-05-26 1159168]
"ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-08-04 597552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\caMyciloP\Treedom.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
IVTCredentialProvider

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrueCryptSystemFavorites]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrueCryptSystemFavorites]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-01-20 21:04:53 ----D---- C:\rsit
2016-01-20 21:04:53 ----D---- C:\Program Files\trend micro
2016-01-20 20:58:16 ----D---- C:\ProgramData\caMyciloPs
2016-01-20 20:58:03 ----D---- C:\ProgramData\caMyciloP
2016-01-20 20:23:14 ----D---- C:\Users\Rad\AppData\Roaming\FreeFixer
2016-01-20 20:23:08 ----D---- C:\Program Files\FreeFixer
2016-01-19 17:08:39 ----D---- C:\Users\Rad\AppData\Roaming\Solveig Multimedia
2016-01-19 17:04:25 ----D---- C:\Users\Rad\AppData\Roaming\HyperCam
2016-01-19 17:03:56 ----D---- C:\Program Files (x86)\HyperCam 3
2016-01-07 13:03:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-01-03 05:58:46 ----RD---- C:\Program Files (x86)\Skype
2015-12-28 04:02:55 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2015-12-28 04:02:55 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2015-12-28 04:01:40 ----D---- C:\Users\Rad\AppData\Roaming\Samsung
2015-12-28 04:01:38 ----A---- C:\Windows\SYSWOW64\secman.dll
2015-12-28 04:01:31 ----D---- C:\Program Files (x86)\Samsung
2015-12-23 01:25:36 ----D---- C:\Users\Rad\AppData\Roaming\Publish Providers
2015-12-23 01:15:18 ----D---- C:\Windows\SYSWOW64\spool
2015-12-23 01:15:18 ----D---- C:\ProgramData\Sony
2015-12-23 01:15:18 ----D---- C:\Program Files (x86)\Sony
2015-12-23 01:14:32 ----D---- C:\Users\Rad\AppData\Roaming\Sony
2015-12-23 00:11:04 ----D---- C:\Users\Rad\AppData\Roaming\Opera Software
2015-12-23 00:05:52 ----D---- C:\Users\Rad\AppData\Roaming\Xilisoft
2015-12-23 00:05:13 ----D---- C:\ProgramData\Xilisoft
2015-12-23 00:05:13 ----D---- C:\Program Files (x86)\Xilisoft
2015-12-23 00:04:08 ----D---- C:\Program Files (x86)\Opera
2015-12-23 00:03:58 ----D---- C:\Program Files\HonController
2015-12-22 23:57:09 ----D---- C:\Program Files (x86)\free-videoconverter

======List of files/folders modified in the last 1 month======

2016-01-20 21:04:56 ----D---- C:\Windows\Prefetch
2016-01-20 21:04:54 ----D---- C:\Windows\Temp
2016-01-20 21:04:53 ----RD---- C:\Program Files
2016-01-20 21:03:41 ----D---- C:\Users\Rad\AppData\Roaming\uTorrent
2016-01-20 20:58:22 ----D---- C:\Windows\system32\Tasks
2016-01-20 20:58:16 ----HD---- C:\ProgramData
2016-01-20 20:57:02 ----A---- C:\Windows\SYSWOW64\bscs.ini
2016-01-20 20:54:42 ----D---- C:\AdwCleaner
2016-01-20 20:50:24 ----D---- C:\Users\Rad\AppData\Roaming\DMCache
2016-01-20 20:40:43 ----D---- C:\Users\Rad\AppData\Roaming\vlc
2016-01-19 21:01:23 ----D---- C:\Windows\SysWOW64
2016-01-19 21:01:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-01-19 17:03:58 ----D---- C:\Program Files (x86)\Common Files
2016-01-19 17:03:56 ----RD---- C:\Program Files (x86)
2016-01-15 03:48:09 ----SHD---- C:\System Volume Information
2016-01-15 03:43:06 ----D---- C:\Windows\system32\config
2016-01-13 19:18:11 ----SHD---- C:\Windows\Installer
2016-01-12 22:33:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 19:18:42 ----D---- C:\Train Simulator 2014 Steam Edition
2016-01-04 13:55:23 ----D---- C:\Windows\System32
2016-01-04 13:55:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-04 13:55:22 ----D---- C:\Windows\inf
2016-01-04 07:33:17 ----D---- C:\Windows\system32\catroot
2016-01-03 07:37:24 ----D---- C:\Users\Rad\AppData\Roaming\Skype
2016-01-03 05:58:58 ----D---- C:\ProgramData\Skype
2016-01-02 03:13:02 ----D---- C:\Program Files\Recuva
2015-12-31 13:21:58 ----A---- C:\Users\Rad\AppData\Roaming\AutoGK.ini
2015-12-31 10:32:11 ----D---- C:\mp3
2015-12-28 04:05:43 ----D---- C:\ProgramData\Samsung
2015-12-28 04:05:35 ----D---- C:\Windows\system32\drivers
2015-12-28 04:02:59 ----D---- C:\Windows\system32\DriverStore
2015-12-28 04:02:52 ----D---- C:\Windows\system32\catroot2
2015-12-28 04:01:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-12-24 00:57:40 ----AD---- C:\ProgramData\TEMP
2015-12-24 00:55:17 ----D---- C:\Users\Rad\AppData\Roaming\VideoReDo-TVSuite4
2015-12-23 01:15:11 ----D---- C:\Windows\winsxs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2011-12-21 25056]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-12-24 231376]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-24 283200]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2013-11-28 175480]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\AIDA64 Extreme Edition v2.70.2200 Final\kerneld.x64 [2012-10-28 30624]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-09-28 10697216]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-09-28 460288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2011-12-21 22240]
R3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576]
R3 IvtAudioBusSrv;IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [2012-12-24 27256]
R3 IvtComBusSrv;IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [2013-01-05 25720]
R3 IvtPanBusSrv;IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [2012-12-24 31480]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2012-12-24 41208]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2012-12-25 43128]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-05-21 110720]
S3 GPU-Z;GPU-Z; \??\C:\Users\Rad\AppData\Local\Temp\GPU-Z.sys []
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2013-10-17 36928]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2013-01-23 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2013-01-23 171008]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-05-21 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2012-07-19 821840]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-09-28 239616]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2013-03-06 3225600]
R2 BsMobileCS;BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2013-01-08 273656]
R2 caMyciloP;caMyciloP; C:\ProgramData\\caMyciloP\\caMyciloP.exe [2016-01-20 539136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 honic32;Hon Controller; C:\Program Files\HonController\honic.exe [2015-12-20 379904]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2014-01-23 11936560]
R2 RealtekCU;RealtekCU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [2012-05-10 36864]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2015-05-21 743688]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2015-06-24 5097232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [2013-01-08 207096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 FinwarmSvc;Finwarm Service; C:\Users\Rad\AppData\Local\Temp\kvhiCx\runner.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe []
S2 prtductad;Unafind; C:\Users\Rad\AppData\Local\Quadtex.exe [2015-12-23 78848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 TrueCryptSystemFavorites;TrueCrypt System Favorites; C:\Windows\SysWOW64\TrueCrypt.exe [2012-12-24 1516496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 50899608]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-07 146888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-04 1255736]

-----------------EOF-----------------

[Rudy]

Zdravím!
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]/64
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

[R4D]

Dobrý večer, díky za rychlou reakci:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Rad at 2016-01-20 22:41:03
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 7 GB (1%) free of 954 GB
Total RAM: 4094 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:41:04, on 20.1.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AIDA64 Extreme Edition v2.70.2200 Final\aida64.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\trend micro\Rad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZcxDh8nvQlNPN-vWc3tbxAZZNgcw9B7Qi5F7cdkF1zk6NIDxxJYCd-EeL22rTR4CoLMTuydOXg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZcxDh8nvQlNPN-vWc3tbxAZZNgcw9B7Qi5F7cdkF1zk6NIDxxJYCd-EeL22rTR4CoLMTuydOXg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZcxDh8nvQlNPN-vWc3tbxAZZNgcw9B7Qi5F7cdkF1zk6NIDxxJYCd-EeL22rTR4CoLMTuydOXg,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qa3VnkubznFCb5Uf1bj3BX2bx9C4LBV6odCX9P1LpAEe-LM_SOq_Vzy01SyTSpqFxIOczP8mT7-6YUgUJUBr24jVl1EpDI,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZcxDh8nvQlNPN-vWc3tbxAZZNgcw9B7Qi5F7cdkF1zk6NIDxxJYCd-EeL22rTR4CoLMTuydOXg,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
O4 - HKCU\..\Run: [HotFolder.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\HotFolder.exe" /AutoRun
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM FLV videa z 10 posledně požadovaných - C:\Program Files (x86)\Internet Download Manager\IEGetVL2.htm
O8 - Extra context menu item: Stáhnout s IDM obsažené FLV video - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\ProgramData\caMyciloP\Tonfix.dll
O23 - Service: ABBYY FineReader 11 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.11.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - IVT Corporation - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: caMyciloP - Unknown owner - C:\ProgramData\\caMyciloP\\caMyciloP.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Finwarm Service (FinwarmSvc) - Unknown owner - C:\Users\Rad\AppData\Local\Temp\kvhiCx\runner.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hon Controller (honic32) - Unknown owner - C:\Program Files\HonController\honic.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Unafind (prtductad) - Unknown owner - C:\Users\Rad\AppData\Local\Quadtex.exe
O23 - Service: RealtekCU - Realtek Semiconductor Corp. - C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TrueCrypt System Favorites (TrueCryptSystemFavorites) - TrueCrypt Foundation - C:\Windows\SysWOW64\TrueCrypt.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13457 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe" -service
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe"
C:\ProgramData\\caMyciloP\\caMyciloP.exe -f "C:\ProgramData\\caMyciloP\\caMyciloP.dat" -l -a
"C:\Program Files\HonController\honic.exe" /s iid=3671651 did=APSnapdoAMRev sid=3 ref=dbf8c1f3-f73a-0e85-294a-36e3e59902d2-PolicyMac id=e894afe9408df2b45fa176e61590b730275f10c525af0b4106680b587ba60b8e
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
"C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe"
"C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c90111ac-903b-4886-a84a-9053a012c6bd -SystemEventPortName:HostProcess-b5eeef5e-5882-4bad-a70e-f13de3943639 -IoCancelEventPortName:HostProcess-c57562bd-1283-4aa4-853e-7948fd943398 -NonStateChangingEventPortName:HostProcess-62c40e27-930f-43fe-8efb-d3fefbaba30f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f1523bc3-5cf3-414b-9ba0-e00e17274bb6 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWlan.exe" /H
taskeng.exe {355172EA-6E62-4C52-A74E-A1419C3BB402}
taskeng.exe {D8602A18-412F-490A-B55C-9D11D12E8E12}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\01202016_223058.log
"C:\Program Files (x86)\AIDA64 Extreme Edition v2.70.2200 Final\aida64.exe"
"C:\ProgramData\caMyciloP\caMyciloP.exe" -f "C:\ProgramData\caMyciloP\Unotamstrong.dat" -l -a regname Stpro.exe
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe"
"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
"C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe" /autorun
"C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Rad\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\DriverToolkit Autorun.job - C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe --autorun

=========Mozilla firefox=========

ProfilePath - C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182

prefs.js - "browser.startup.homepage" - "C:\\ProgramData\\caMyciloPs\\ff.HP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.286 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.286 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll
npwachk.dll

C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182\searchplugins\
findit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-12-09 2323040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll [2007-02-16 457216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-12-09 1720928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2012-12-24 1516496]
"HotFolder.FR11"=C:\Program Files (x86)\ABBYY FineReader 11\HotFolder.exe [2012-09-20 1419856]
""= []
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2014-02-08 3825232]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-01-04 969104]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Bonus.SSR.FR11"=C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [2012-09-20 1348176]
"BtTray"=C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [2013-03-06 428280]
"BrMfcWnd"=C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [2009-05-26 1159168]
"ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2008-12-24 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\caMyciloP\Treedom.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
IVTCredentialProvider

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrueCryptSystemFavorites]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrueCryptSystemFavorites]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-01-20 22:30:58 ----D---- C:\_OTM
2016-01-20 21:04:53 ----D---- C:\rsit
2016-01-20 21:04:53 ----D---- C:\Program Files\trend micro
2016-01-20 20:58:16 ----D---- C:\ProgramData\caMyciloPs
2016-01-20 20:58:03 ----D---- C:\ProgramData\caMyciloP
2016-01-20 20:23:14 ----D---- C:\Users\Rad\AppData\Roaming\FreeFixer
2016-01-20 20:23:08 ----D---- C:\Program Files\FreeFixer
2016-01-19 17:08:39 ----D---- C:\Users\Rad\AppData\Roaming\Solveig Multimedia
2016-01-19 17:04:25 ----D---- C:\Users\Rad\AppData\Roaming\HyperCam
2016-01-19 17:03:56 ----D---- C:\Program Files (x86)\HyperCam 3
2016-01-07 13:03:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-01-03 05:58:46 ----RD---- C:\Program Files (x86)\Skype
2015-12-28 04:02:55 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2015-12-28 04:02:55 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2015-12-28 04:01:40 ----D---- C:\Users\Rad\AppData\Roaming\Samsung
2015-12-28 04:01:38 ----A---- C:\Windows\SYSWOW64\secman.dll
2015-12-28 04:01:31 ----D---- C:\Program Files (x86)\Samsung
2015-12-23 01:25:36 ----D---- C:\Users\Rad\AppData\Roaming\Publish Providers
2015-12-23 01:15:18 ----D---- C:\Windows\SYSWOW64\spool
2015-12-23 01:15:18 ----D---- C:\ProgramData\Sony
2015-12-23 01:15:18 ----D---- C:\Program Files (x86)\Sony
2015-12-23 01:14:32 ----D---- C:\Users\Rad\AppData\Roaming\Sony
2015-12-23 00:11:04 ----D---- C:\Users\Rad\AppData\Roaming\Opera Software
2015-12-23 00:05:52 ----D---- C:\Users\Rad\AppData\Roaming\Xilisoft
2015-12-23 00:05:13 ----D---- C:\ProgramData\Xilisoft
2015-12-23 00:05:13 ----D---- C:\Program Files (x86)\Xilisoft
2015-12-23 00:04:08 ----D---- C:\Program Files (x86)\Opera
2015-12-23 00:03:58 ----D---- C:\Program Files\HonController
2015-12-22 23:57:09 ----D---- C:\Program Files (x86)\free-videoconverter

======List of files/folders modified in the last 1 month======

2016-01-20 22:41:04 ----D---- C:\Windows\Temp
2016-01-20 22:40:18 ----D---- C:\Users\Rad\AppData\Roaming\uTorrent
2016-01-20 22:38:14 ----D---- C:\Windows\Prefetch
2016-01-20 22:37:52 ----D---- C:\Windows\system32\Tasks
2016-01-20 22:36:10 ----A---- C:\Windows\SYSWOW64\bscs.ini
2016-01-20 22:32:52 ----D---- C:\Windows\SysWOW64
2016-01-20 22:32:52 ----D---- C:\Windows\System32
2016-01-20 22:30:58 ----D---- C:\Windows\Tasks
2016-01-20 21:04:53 ----RD---- C:\Program Files
2016-01-20 20:58:16 ----HD---- C:\ProgramData
2016-01-20 20:54:42 ----D---- C:\AdwCleaner
2016-01-20 20:50:24 ----D---- C:\Users\Rad\AppData\Roaming\DMCache
2016-01-20 20:40:43 ----D---- C:\Users\Rad\AppData\Roaming\vlc
2016-01-19 21:01:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-01-19 17:03:58 ----D---- C:\Program Files (x86)\Common Files
2016-01-19 17:03:56 ----RD---- C:\Program Files (x86)
2016-01-15 03:48:09 ----SHD---- C:\System Volume Information
2016-01-15 03:43:06 ----D---- C:\Windows\system32\config
2016-01-13 19:18:11 ----SHD---- C:\Windows\Installer
2016-01-12 22:33:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 19:18:42 ----D---- C:\Train Simulator 2014 Steam Edition
2016-01-04 13:55:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-04 13:55:22 ----D---- C:\Windows\inf
2016-01-04 07:33:17 ----D---- C:\Windows\system32\catroot
2016-01-03 07:37:24 ----D---- C:\Users\Rad\AppData\Roaming\Skype
2016-01-03 05:58:58 ----D---- C:\ProgramData\Skype
2016-01-02 03:13:02 ----D---- C:\Program Files\Recuva
2015-12-31 13:21:58 ----A---- C:\Users\Rad\AppData\Roaming\AutoGK.ini
2015-12-31 10:32:11 ----D---- C:\mp3
2015-12-28 04:05:43 ----D---- C:\ProgramData\Samsung
2015-12-28 04:05:35 ----D---- C:\Windows\system32\drivers
2015-12-28 04:02:59 ----D---- C:\Windows\system32\DriverStore
2015-12-28 04:02:52 ----D---- C:\Windows\system32\catroot2
2015-12-28 04:01:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-12-24 00:57:40 ----AD---- C:\ProgramData\TEMP
2015-12-24 00:55:17 ----D---- C:\Users\Rad\AppData\Roaming\VideoReDo-TVSuite4
2015-12-23 01:15:11 ----D---- C:\Windows\winsxs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2011-12-21 25056]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-12-24 231376]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-24 283200]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2013-11-28 175480]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
R2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver; \??\C:\Program Files (x86)\AIDA64 Extreme Edition v2.70.2200 Final\kerneld.x64 [2012-10-28 30624]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-09-28 10697216]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-09-28 460288]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2011-12-21 22240]
R3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys [2011-07-27 29576]
R3 IvtAudioBusSrv;IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [2012-12-24 27256]
R3 IvtComBusSrv;IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [2013-01-05 25720]
R3 IvtPanBusSrv;IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [2012-12-24 31480]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2012-12-24 41208]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2012-12-25 43128]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-05-21 110720]
S3 GPU-Z;GPU-Z; \??\C:\Users\Rad\AppData\Local\Temp\GPU-Z.sys []
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2013-10-17 36928]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2013-01-23 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2013-01-23 171008]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-05-21 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Corporate.11.0;ABBYY FineReader 11 CE Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [2012-07-19 821840]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-09-28 239616]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2013-03-06 3225600]
R2 BsMobileCS;BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2013-01-08 273656]
R2 caMyciloP;caMyciloP; C:\ProgramData\\caMyciloP\\caMyciloP.exe [2016-01-20 539136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 honic32;Hon Controller; C:\Program Files\HonController\honic.exe [2015-12-20 379904]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2014-01-23 11936560]
R2 RealtekCU;RealtekCU; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [2012-05-10 36864]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2015-05-21 743688]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2015-06-24 5097232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [2013-01-08 207096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 FinwarmSvc;Finwarm Service; C:\Users\Rad\AppData\Local\Temp\kvhiCx\runner.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe []
S2 prtductad;Unafind; C:\Users\Rad\AppData\Local\Quadtex.exe [2015-12-23 78848]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 TrueCryptSystemFavorites;TrueCrypt System Favorites; C:\Windows\SysWOW64\TrueCrypt.exe [2012-12-24 1516496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27 144200]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 50899608]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-07 146888]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-04 1255736]

-----------------EOF-----------------



================================================ LOG Z OTM ================================================

All processes killed
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Rad
->Temp folder emptied: 541170110 bytes
->Temporary Internet Files folder emptied: 30995187 bytes
->Java cache emptied: 30948 bytes
->FireFox cache emptied: 368450647 bytes
->Google Chrome cache emptied: 205048974 bytes
->Flash cache emptied: 73214 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2158953 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 103320 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46485631 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 139,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Rad
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 01202016_223058

Files moved on Reboot...
C:\Users\Rad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

[Rudy]

Dvouklikem na soubor C:\Program Files\trend micro\Rad.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... uydOXg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... uydOXg,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... uydOXg,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F. ... 24jVl1EpDI,
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73 ... uydOXg,&q={searchTerms}
O20 - AppInit_DLLs: C:\ProgramData\caMyciloP\Tonfix.dll

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

[R4D]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%73%6E%61%70%64%6F. ... 24jVl1EpDI,

mezi výsledky není, jak postupovat?

[Rudy]

Pokud tam není, nijak ho do HJT nepřidáte. Zafajfkujte je to, co jsem vypsal a spusťte. Po restrtu se přesvědčte, zda to pomohlo. V opačném případě budeme pokračovat.

[R4D]

Děkuji Vám za pomoc. Provedeno, ovšem bohužel jestli to dobře chápu, žádná z akcí se netýká Firefoxu, což je jediný prohlížeč, který používám.

Po otevření mám domovskou stránku: C:\ProgramData\caMyciloPs/snap.sc

... které vyústí v: http://search.safefinder.com/?st=sc&q=

A výchozí vyhledání pomocí CTRL+E mám také nastavené na safefinder...

Dále mi vyskakují na náhodně načítaných oknech reklaby by SnapDo:

Kód: Vybrat vše

http://leteckaposta.cz/152803786

Je ještě v takové fázi vůbec možné prohlížeč vyléčit?

Děkuji.

[Rudy]

Zkuste ještě následující skeny:

1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[R4D]

Zítra provedu, teď jsem byl pryč, promiňte.

Ještě mám další zbytky ve FF, při načtení slovnik.seznam.cz jsem přesměrován na http://s.mediasing.com/?d=, což mě opět hodí na http://search.safefinder.com/?st=ds&q=.

Zítra postnu výsledky tedy.

[Rudy]

OK, měl bych tu být.

[R4D]

Tak Mozilla Firefox se již spustila bez toho FindIt! na domovské stránce. Ovšem když dám slovnik.seznam.cz, opět jsem přesměrován na http://search.safefinder.com/?st=ds&q= ... Takže ještě to asi nebude vše, navíc mám stále spuštěný proces, který nejde ukončit (asi trojan nebo něco)... Prosím o další pomoc:


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Rad on Łt 16.02.2016 at 21:47:59,44.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rad\Desktop\zoek_2.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.2.2016 21:49:59 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Xenocode deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\Users\Rad\AppData\Roaming\Opera Software deleted successfully
C:\Users\Rad\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Rad\AppData\Local\GHISLER deleted successfully
C:\Users\Rad\AppData\Local\Opera Software deleted successfully
C:\Users\Rad\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10FE66F5-5E7-47C7-AD8C-B190E378E8C6} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AC0F9A0-C34D-4157-BB78-1D38302129B9} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D4E4B2C-EC67-4CA1-A958-A52B915A39D} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2145B0A1-EECC-42A7-A2C5-A9E03BD1CAD4} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22747E66-3712-4D85-80D4-8F2472454A49} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22F0108F-A186-4668-A84-7A895E6A7C3} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F80A4-B32F-4E8B-AECE-95BE2AB6428B} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43635DCD-45A5-4A76-BCDB-4D3E9E57B3D0} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43D4094F-4481-47F6-A9F4-FFD3C174C83} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EA7285E-9011-4EC8-B2F8-9C92A4D641C3} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56FEE9F8-ACEB-469F-ADE8-E82BE1BDEF25} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57E8457C-F1D8-43EF-8EBD-4F7294B12932} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6454EE81-D07A-4ECA-B5BC-9F75518D38D4} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A168CB0-D6D7-41BD-BE32-B42DB4322A93} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6DDB1ED4-BEE4-4C7B-A79B-1B6EE3B2F04B} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77DD9E9D-2872-4C4B-A56A-36E4F3EB3846} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A45E824-72AA-4C58-8130-768E57EEDF22} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C62CEA6-493B-432D-BAE5-421117B13633} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8AB2C0CB-D5D8-43DF-A489-2A54AF7AD35} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B890D70-89A0-4116-9DF1-40F3B4C157} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B628731-2901-4475-B36C-A5187CA2759B} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A87588CA-6035-458A-8061-77AAC02ADA59} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB7F962F-B354-4603-AE5A-F42FA116F5F} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ACA28D07-9F53-4B66-92D9-FD9297847C65} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3ECDDE7-9DC9-4C02-A0C-AC99AEFA5B28} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BE991B83-AC8E-4580-849-28B748B12190} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6F8734-7785-4E81-B2B2-D0DEF9A7C874} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD0D9013-121-4D44-B9B-A6C3BD1269F2} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D372519B-E378-4A3A-86D5-39F7B83BC1B6} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D481ABE2-77E4-4569-B220-DA988FF7277} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFB95F40-8CE-4E2F-88E4-F0DDE3E1F1EE} deleted successfully
HKEY_USERS\S-1-5-21-2618563196-133838-1782383624-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F84CE409-F1EE-4C22-93F1-ACF25EACACCA} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\caMyciloP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\caMyciloP deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182\prefs.js:
user_pref("browser.startup.homepage", "www.seznam.cz");
user_pref("browser.newtab.url", "C:\\ProgramData\\caMyciloPs\\ff.NT");

Added to C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Xenocode not found
C:\Users\Rad\.android deleted
C:\PROGRA~2\COMPlus Applications deleted
C:\PROGRA~2\iDealshare deleted
C:\Users\Rad\AppData\Roaming\AutoGK.ini deleted
C:\Users\Rad\AppData\Roaming\iDealshare VideoGo 5 deleted
C:\Users\Rad\AppData\Roaming\iDealshare VideoGo 6 deleted
C:\Users\Rad\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\{ACF12395-778E-44F0-A811-C99F334A83F5} deleted
C:\PROGRA~3\{BD26D777-CA21-4BDD-A581-6BCFE4F0F941} deleted
C:\PROGRA~3\{C6A355F5-168B-4EEC-AB7C-75594F783EDB} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Rad\AppData\Local\Quadtex.exe deleted
C:\Users\Rad\AppData\Local\Quadtex.exe.config deleted
C:\Users\Rad\AppData\Local\Unity deleted
C:\Users\Rad\AppData\Local\somotoimeshmoviestoolbar deleted
C:\Users\Rad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iDealshare deleted
C:\Users\Rad\AppData\LocalLow\Unity deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\Users\Rad\AppData\Local\~wmrg" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc@internetdownloadmanager.com"="C:\Users\Rad\AppData\Roaming\IDM\idmmzcc5" [08.02.2014 18:19]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Rad\AppData\Roaming\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182
A107920551356DAEE665F0884F34D2D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jeaohhlajejodfjadcponpnjgkiikocn - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[16.01.2014 23:58]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fkkcgfbgohboipdhliafmacjnhjbhmim - No path found[]

Seznam Lištička - Email - Rad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Download FB Album mod - Rad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok
Scopedown (Periscope Downloader) - Rad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpiaehacicpjdnjmplhpnmpegdgjnfn
IDM Integration Module - Rad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn
Techgile - Rad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehepedlpajpdceoefcmmeajalnppgbd
Seznam Lištička - Rychlá volba - Rad\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak

==== Chromium Fix ======================

C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehepedlpajpdceoefcmmeajalnppgbd deleted successfully
C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lehepedlpajpdceoefcmmeajalnppgbd_0.localstorage deleted successfully
C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lehepedlpajpdceoefcmmeajalnppgbd deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qa3VnkubznFCb5Uf1bj3BcwVihllNvXIdZozT3CSMpTbdNrp5jywCfbdE59MAiA4eg6XTZh5L6VYonZ0mFb-4JGRQKA0UA,"
"Secondary Start Pages"="http://www.google.com"
"Search Bar"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZWqggRBrxX09pCJUK1D5e7T7hsqeGLnxr0bt3d5LKoMz4CTpUi0HGY4xVtifcOj8FOK30Pcn-Q,&q={searchTerms}"
"Search Page"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZWqggRBrxX09pCJUK1D5e7T7hsqeGLnxr0bt3d5LKoMz4CTpUi0HGY4xVtifcOj8FOK30Pcn-Q,&q={searchTerms}"
"SearchAssistant"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZWqggRBrxX09pCJUK1D5e7T7hsqeGLnxr0bt3d5LKoMz4CTpUi0HGY4xVtifcOj8FOK30Pcn-Q,&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZWqggRBrxX09pCJUK1D5e7T7hsqeGLnxr0bt3d5LKoMz4CTpUi0HGY4xVtifcOj8FOK30Pcn-Q,&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZWqggRBrxX09pCJUK1D5e7T7hsqeGLnxr0bt3d5LKoMz4CTpUi0HGY4xVtifcOj8FOK30Pcn-Q,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZWqggRBrxX09pCJUK1D5e7T7hsqeGLnxr0bt3d5LKoMz4CTpUi0HGY4xVtifcOj8FOK30Pcn-Q,&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZWqggRBrxX09pCJUK1D5e7T7hsqeGLnxr0bt3d5LKoMz4CTpUi0HGY4xVtifcOj8FOK30Pcn-Q,&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{ielnksrch}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
"Secondary Start Pages"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{ielnksrch}"
HKLM\Wow6432Node\SearchScopes\ielnksrch - http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpmNeGas8S5M77yU5Bsjo9Pj3GVuv-CJcriiXiVizzx3slNUVyd2YGh7kzbzP4puF6Qp_i55rOvn4Gax5IZtqlZWqggRBrxX09pCJUK1D5e7T7hsqeGLnxr0bt3d5LKoMz4CTpUi0HGY4xVtifcOj8FOK30Pcn-Q,&q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{1339A7CD-3AD4-42E0-9E6A-A861C3FCA5F6} - http://www.mapy.cz/?query={searchTerms} ... arch_13415
HKCU\SearchScopes\{3F09C105-075C-49CD-9AA1-D910B1356CE1} - http://encyklopedie.seznam.cz/search?q= ... arch_13415
HKCU\SearchScopes\{4BCC9C68-ED08-418B-826C-10EF73C135F1} - http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
HKCU\SearchScopes\{53751595-1836-4991-A62E-3E189FA9D6F0} - http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
HKCU\SearchScopes\{6B7B46ED-681F-4FDB-9DF3-B2454F816D3A} - http://search.seznam.cz/?q={searchTerms ... arch_13415
HKCU\SearchScopes\{6E2AE4DD-4ADF-4E4D-9222-911315213D4B} - http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
HKCU\SearchScopes\{7A61C6B7-74FB-4FCE-AA88-FF870A1E09FE} - http://www.novinky.cz/hledej?w={searchT ... arch_13415
HKCU\SearchScopes\{8CC72A94-9A95-487E-86E4-1EF720A7D5DD} - http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
HKCU\SearchScopes\{F271B31B-6E28-4917-8B1D-D4722D55A77C} - http://www.firmy.cz/?q={searchTerms}&so ... arch_13415

==== Reset Google Chrome ======================

C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Rad\Desktop\HyperCam 3.lnk - C:\Program Files (x86)\HyperCam 3\SMM_HyperCam.exe
C:\Users\Rad\Desktop\ScreenShots.lnk - C:\Program Files (x86)\ScreenShots\ScreenShots.exe
C:\Users\Rad\Desktop\Plocha\Arial CD Ripper.lnk - C:\Program Files (x86)\Arial CD Ripper\Arial CD Ripper.exe
C:\Users\Rad\Desktop\Plocha\BST.lnk - D:\BST\Launcher.exe
C:\Users\Rad\Desktop\Plocha\SMPlayer.lnk - C:\Program Files (x86)\SMPlayer\smplayer.exe
C:\Users\Rad\Desktop\Plocha\Train Simulator 2014 Steam Edition.lnk - C:\Train Simulator 2014 Steam Edition\RailWorks.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\16LEDLights.lnk - C:\Windows\Installer\{9A9C1ECF-D134-46BF-A174-B09EECA60DB3}\_C0A2B8C17351D13019183B.exe
C:\Users\Public\Desktop\BlueSoleil Space.lnk - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Controller Editor.lnk - C:\Program Files (x86)\Native Instruments\Controller Editor\Controller Editor.exe
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files (x86)\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\Fraps.lnk - C:\Fraps\fraps.exe
C:\Users\Public\Desktop\Free ISO Creator.lnk - C:\Program Files (x86)\Free ISO Creator\FreeISOCreator.exe
C:\Users\Public\Desktop\Grand Theft Auto IV.lnk - C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
C:\Users\Public\Desktop\iDealshare VideoGo 6.lnk - C:\Program Files (x86)\iDealshare\VideoGo 6\videoconverter.exe
C:\Users\Public\Desktop\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\Users\Public\Desktop\Nokia Suite.lnk - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\Public\Desktop\Service Center.lnk - C:\Program Files (x86)\Native Instruments\Service Center\ServiceCenter.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
C:\Users\Public\Desktop\Traktor 2.lnk - C:\Program Files (x86)\Native Instruments\Traktor 2\Traktor.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Rad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=CZ&userid=dbf8c1f3-f73a-0e85-294a-36e3e59902d2&searchtype=sc&installDate=01.02.2016&barcodeid=50046888&channelid=888&av=windows
C:\Users\Rad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\Users\Rad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\FreeFixer.lnk - C:\Program Files\FreeFixer\freefixer.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer\Uninstall.lnk - C:\Program Files\FreeFixer\Uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=CZ&userid=dbf8c1f3-f73a-0e85-294a-36e3e59902d2&searchtype=sc&installDate=01.02.2016&barcodeid=50046888&channelid=888&av=windows
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3\Home Page.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3\HyperCam 3 Help.lnk - C:\Program Files (x86)\HyperCam 3\Lang_Hypercam\eng.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3\HyperCam 3.lnk - C:\Program Files (x86)\HyperCam 3\SMM_HyperCam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3\HyperCam Media Editor Help.lnk - C:\Program Files (x86)\HyperCam 3\Lang_Splitter\eng.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3\HyperCam Media Editor.lnk - C:\Program Files (x86)\HyperCam 3\SMM_HCEditor.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3\Licence.lnk - C:\Program Files (x86)\HyperCam 3\EULA.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3\Uninstall.lnk - C:\Program Files (x86)\HyperCam 3\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Reset settings.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe --remove-settings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Uninstall ManyCam.lnk - C:\Program Files (x86)\ManyCam\uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies3\Uninstall Kies 3.lnk - C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe /removeonly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Vegas Pro 11.0 Readme.lnk - C:\Program Files (x86)\Sony\Vegas Pro 11.0\Readme\Vegas_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Vegas Pro 11.0.lnk - C:\Program Files (x86)\Sony\Vegas Pro 11.0\vegas110.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 11.0\Video Capture 6.0 Readme.lnk - C:\Program Files (x86)\Sony\Vegas Pro 11.0\Readme\Videocapture_readme.htm

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=CZ&userid=dbf8c1f3-f73a-0e85-294a-36e3e59902d2&searchtype=sc&installDate=01.02.2016&barcodeid=50046888&channelid=888&av=windows
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=apsnapdoam&co=CZ&userid=dbf8c1f3-f73a-0e85-294a-36e3e59902d2&searchtype=sc&installDate=01.02.2016&barcodeid=50046888&channelid=888&av=windows
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE /recycle
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Excel 2013.lnk - C:\Windows\Installer\{91150000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MediaInfo.lnk - C:\Program Files\MediaInfo\MediaInfo.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\caMyciloPs\snp.sc
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MP4Joiner.lnk - D:\mp4joiner\bin\MP4Joiner.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Resource Monitor.lnk - C:\Windows\system32\perfmon.exe /res
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\StrongDC++.lnk - C:\Program Files (x86)\StrongDC++\StrongDC.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 8.lnk - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe

==== shortcuts After Repair ======================

C:\Users\Rad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Rad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Rad\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Rad\AppData\Local\Mozilla\Firefox\Profiles\6aa6rioa.default-1450839913182\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Rad\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=154 folders=56 151100951 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Rad\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Rad\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Rad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on Łt 16.02.2016 at 22:07:20,29 ======================

[Rudy]

FF zazálohujte pomocí MozBackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . Pak FF odinstalujte vč. jeho profilu. Znovu nainstalujte a zpět ze zálohy nakopírujte pouze záložky a hesla.

[R4D]

Takže chápu to správně že to v podstatě vzdáváme? Jiné řešení není? Toto jsem mohl udělat už na začátku procesu. Cokoliv udělám, tak se mi tam opět vrátí ten SafeFinder (moc safe teda není...) a hledání z hledacího okna přes yahoo (+ slovnik.seznam.cz nejede).

[Rudy]

To, co vám navrhuji, je reinstal FF. A to čistý. Z původního použijete je hesla a záložky. Zbytek se zpět kopírovat nebude. Nevzdáváme nic, pouze neexistuje utilita, kterou by šlo reguléně ten hijacker vyhodit. Pak se to musí řešit čistou instalací.