VIRY.CZ

Prosím o kontrolu LOGu:


Logfile of random's system information tool 1.09 (written by random/random)
Run by julek at 2012-06-13 11:56:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 328 GB (76%) free of 432 GB
Total RAM: 3959 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:57:11, on 13.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe
C:\Program Files (x86)\Vidalia Bundle\Polipo\polipo.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\julek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12799 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 20239360
\??\C:\windows\system32\conhost.exe "2205838261276209306-13464748441764206804-18535963971909960756482189844-20510623
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe"
C:\windows\system32\svchost.exe -k bthsvcs
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Windows\System32\StikyNot.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe" -f C:\Users\julek\AppData\Roaming\Vidalia\torrc ControlPort 9051 HashedControlPassword 16:C870D244FF0A194C60498EF9154EBC5AEA27425020B8A440800C22153F
\??\C:\windows\system32\conhost.exe "-2062398981-1032078152486681761-1198134398-231398441-788432353768227298964635304
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Vidalia Bundle\Polipo\polipo.exe" -c "C:\Program Files (x86)\Vidalia Bundle\Polipo\polipo.conf"
\??\C:\windows\system32\conhost.exe "-97588129-8573806381139511175-1182492800773088079-159363802015535361351626637533
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\julek\Desktop\Milda_-_červen_2012.docx
"taskhost.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="6440.0.672364360\1549979688" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="6440.1.693878137\235808568" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="6440.2.1579463615\1507068477" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.3.1936384804\1957256297" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.4.93869024\1255713947" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6440.6.1026664849\795632749" /prefetch:12
C:\windows\system32\rundll32.exe "C:\Users\julek\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\julek\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll" --lang=cs --channel="6440.7.336260259\307718927" --flash-broker=2456 /prefetch:4
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\julek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=cs --channel="6440.8.948405032\854958232" /prefetch:4
"C:\Users\julek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.11.1091280767\1611624727" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.28.1820115426\1152866860" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.29.280676113\294913566" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.33.1864851755\28474966" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.35.943738338\743632384" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.38.562774112\765105506" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.40.466200937\361237797" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.44.278734149\1189777375" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.46.1202637335\140141815" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.47.1104609163\176287022" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.48.1584420506\838563830" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.49.1183640691\1829750753" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight8.0/OmniboxSearchSuggest/10/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin16/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="6440.50.565419843\5088161" /prefetch:3
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey F22C8397-E8EB-2BB4-F9E8-DB2AD6EBB2D3 -Reinvoke
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe25_ Global\UsGthrCtrlFltPipeMssGthrPipe25 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\julek\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Google Software Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902193960-3275684426-2761646743-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902193960-3275684426-2761646743-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-07-22 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-07-22 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll [2011-05-09 176936]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2010-05-07 16416360]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-22 521272]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-03-29 2598280]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2009-12-17 4367808]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2009-12-17 6988736]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"Vidalia"=C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe [2011-04-12 5735369]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2012-05-16 11921064]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2011-07-22 910208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2011-07-14 279552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnekeyStudio]
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2009-12-19 776608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [2009-12-22 167008]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2009-12-23 284696]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"4StoryPrePatch"=C:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe [2010-10-20 319488]
"Google Desktop Search"=C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-22 30192]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2012-06-13 11:56:46 ----D---- C:\Program Files\trend micro
2012-06-13 11:56:42 ----D---- C:\rsit
2012-06-02 00:15:39 ----SHD---- C:\Config.Msi
2012-05-22 16:41:13 ----D---- C:\Users\julek\AppData\Roaming\Mozilla
2012-05-13 13:26:34 ----A---- C:\windows\system32\DWrite.dll
2012-05-13 13:26:33 ----A---- C:\windows\SYSWOW64\DWrite.dll
2012-05-13 13:26:26 ----A---- C:\windows\system32\ntoskrnl.exe
2012-05-13 13:26:23 ----A---- C:\windows\system32\win32k.sys
2012-05-13 13:26:21 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2012-05-13 13:26:21 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2012-05-13 13:25:17 ----A---- C:\windows\system32\drivers\partmgr.sys
2012-05-13 13:24:38 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-05-05 09:28:33 ----D---- C:\Users\julek\AppData\Roaming\Tor
2012-05-05 09:28:30 ----D---- C:\Users\julek\AppData\Roaming\Vidalia
2012-05-05 09:28:29 ----D---- C:\Program Files (x86)\Vidalia Bundle
2012-04-18 16:24:30 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2012-04-13 03:00:33 ----A---- C:\windows\SYSWOW64\imagehlp.dll
2012-04-13 03:00:33 ----A---- C:\windows\system32\imagehlp.dll
2012-04-13 03:00:33 ----A---- C:\windows\system32\drivers\fs_rec.sys
2012-04-13 03:00:32 ----A---- C:\windows\SYSWOW64\wmi.dll
2012-04-13 03:00:32 ----A---- C:\windows\SYSWOW64\wintrust.dll
2012-04-13 03:00:32 ----A---- C:\windows\system32\wmi.dll
2012-04-13 03:00:32 ----A---- C:\windows\system32\wintrust.dll
2012-04-11 09:30:52 ----A---- C:\windows\system32\mshtml.dll
2012-04-11 09:30:47 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-04-11 09:30:45 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-04-11 09:30:44 ----A---- C:\windows\system32\ieframe.dll
2012-04-11 09:30:43 ----A---- C:\windows\system32\iertutil.dll
2012-04-11 09:30:42 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-04-11 09:30:42 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-04-11 09:30:42 ----A---- C:\windows\system32\urlmon.dll
2012-04-11 09:30:40 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-04-11 09:30:40 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2012-04-11 09:30:40 ----A---- C:\windows\system32\wininet.dll
2012-04-11 09:30:39 ----A---- C:\windows\system32\msfeeds.dll
2012-04-11 09:30:38 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-04-11 09:30:38 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-04-11 09:30:38 ----A---- C:\windows\system32\mshtmled.dll
2012-04-11 09:30:38 ----A---- C:\windows\system32\ieui.dll
2012-04-11 09:30:34 ----A---- C:\windows\SYSWOW64\url.dll
2012-04-11 09:30:34 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-04-11 09:30:34 ----A---- C:\windows\system32\url.dll
2012-04-11 09:30:34 ----A---- C:\windows\system32\jsproxy.dll
2012-04-05 13:30:20 ----D---- C:\Program Files (x86)\MusicJet
2012-04-05 13:30:17 ----HDC---- C:\ProgramData\{FC1948E6-2CB3-4EB8-B0D7-0C24497C7762}
2012-03-22 21:12:12 ----A---- C:\windows\SYSWOW64\GPhotos.scr
2012-03-14 10:19:42 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-03-14 10:19:41 ----A---- C:\windows\system32\rdpwsx.dll
2012-03-14 10:19:41 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-03-14 10:18:53 ----A---- C:\windows\system32\rdpcore.dll
2012-03-14 10:18:52 ----A---- C:\windows\SYSWOW64\rdpcore.dll
2012-03-14 10:18:52 ----A---- C:\windows\system32\drivers\tdtcp.sys
2012-03-14 10:18:52 ----A---- C:\windows\system32\drivers\rdpwd.sys

======List of files/folders modified in the last 3 months======

2012-06-13 11:57:03 ----D---- C:\windows\Temp
2012-06-13 11:56:46 ----RD---- C:\Program Files
2012-06-13 11:24:59 ----D---- C:\windows\system32\config
2012-06-12 15:38:12 ----D---- C:\windows\Prefetch
2012-06-08 16:30:44 ----SHD---- C:\System Volume Information
2012-06-07 15:11:18 ----A---- C:\windows\SYSWOW64\log.txt
2012-06-07 09:26:33 ----D---- C:\windows\System32
2012-06-07 09:26:33 ----D---- C:\windows\inf
2012-06-07 09:26:33 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-06-06 20:56:37 ----D---- C:\windows\system32\NDF
2012-06-05 11:51:20 ----RD---- C:\Program Files (x86)
2012-06-05 03:00:51 ----D---- C:\windows\system32\catroot
2012-06-02 00:15:53 ----SHD---- C:\windows\Installer
2012-06-01 13:20:51 ----D---- C:\windows\system32\catroot2
2012-05-27 08:54:47 ----D---- C:\windows\Minidump
2012-05-27 08:54:42 ----D---- C:\Windows
2012-05-18 11:13:49 ----D---- C:\ProgramData\Microsoft Help
2012-05-18 11:09:04 ----D---- C:\Program Files (x86)\Google
2012-05-14 11:09:36 ----D---- C:\windows\Microsoft.NET
2012-05-14 11:09:35 ----RSD---- C:\windows\assembly
2012-05-14 10:46:31 ----D---- C:\windows\winsxs
2012-05-14 10:45:07 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 10:44:14 ----D---- C:\windows\SysWOW64
2012-05-14 10:44:13 ----D---- C:\windows\system32\drivers
2012-05-14 10:25:42 ----A---- C:\windows\system32\MRT.exe
2012-05-14 10:09:26 ----D---- C:\Program Files\Windows Journal
2012-04-13 03:21:51 ----D---- C:\windows\SYSWOW64\migration
2012-04-13 03:21:51 ----D---- C:\windows\system32\migration
2012-04-13 03:21:51 ----D---- C:\Program Files\Internet Explorer
2012-04-13 03:21:51 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-05 13:30:17 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BMLoad;Bytemobile Boot Time Load Driver; C:\windows\system32\drivers\BMLoad.sys [2012-01-07 16512]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-03-07 53080]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-03-07 819032]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-03-07 337240]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-03-07 59224]
R1 tcpipBM;Bytemobile Kernel Network Provider; \??\C:\windows\system32\drivers\tcpipBM.sys [2012-01-07 39552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-03-07 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-02-02 3058168]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 Cam5607;Lenovo EasyCamera ; C:\windows\System32\Drivers\BisonC07.sys [2010-04-20 1270896]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-03-26 162304]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 86016]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum; C:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
S3 androidusb;ADB Interface Driver; C:\windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 Bridge0;Bridge0; C:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-12 117248]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys [2011-07-12 415744]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2011-07-12 220032]
S3 hwusbfake;Huawei DataCard USB Fake; C:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-03-12 242720]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 151656]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary; C:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 122624]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-08-11 864032]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-05-07 392296]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R2 VmbService;Vodafone Mobile Connect Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 136176]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-04 194104]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter; C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs []
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-22 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 136176]
S3 IGRS;IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 PS_MDP;ReadyComm Presentation Space Helper Service; C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs []
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-06-11 1255736]

-----------------EOF-----------------

Zdravím!
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live
C:\Program Files (x86)\Google\GoogleToolbarNotifier
C:\Program Files (x86)\uTorrentBar
C:\Program Files (x86)\Microsoft\BingBar
C:\windows\tasks\Google Software Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902193960-3275684426-2761646743-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902193960-3275684426-2761646743-1003UA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-

:services
BBSvc

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Před skenem vypněte antivir a po skenu restartujte PC. Dejte nový log RSIT.

Takže, podle pokynů jsem vše udělal. Tady je LOG z OTM:


All processes killed
========== FILES ==========
File/Folder C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live not found.
File/Folder C:\Program Files (x86)\Google\GoogleToolbarNotifier not found.
File/Folder C:\Program Files (x86)\uTorrentBar not found.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\en-ca folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\en-au folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\en-145 folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\en-001 folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\el-gr folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\de-de folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\de-ch folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\de-at folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\da-dk folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\cs-cz folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\ca-es folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\bg-bg folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\ar-sa folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\ar-ploc-sa folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc\ar-145 folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\loc folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\js folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\images folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\footer folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850\css folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error\7.0.850 folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps\error folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar\apps folder moved successfully.
C:\Program Files (x86)\Microsoft\BingBar folder moved successfully.
C:\windows\tasks\Google Software Updater.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902193960-3275684426-2761646743-1003Core.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902193960-3275684426-2761646743-1003UA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
========== SERVICES/DRIVERS ==========
Service BBSvc stopped successfully!
Service BBSvc deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: julek
->Temp folder emptied: 194599868 bytes
->Temporary Internet Files folder emptied: 8272911 bytes
->Java cache emptied: 90562 bytes
->Google Chrome cache emptied: 395633080 bytes
->Flash cache emptied: 43204 bytes

User: Public

User: Softpedia

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108400316 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
RecycleBin emptied: 393076434 bytes

Total Files Cleaned = 1,049.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: julek
->Flash cache emptied: 0 bytes

User: Public

User: Softpedia

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 06132012_132648

Files moved on Reboot...
C:\Users\julek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\julek\AppData\Local\Temp\~DF2F2262896F90D067.TMP not found!
File C:\Users\julek\AppData\Local\Temp\~DF53A5F4D248E96D87.TMP not found!
C:\Users\julek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{050915A2-7B08-4FCC-8C36-DBEC10CF6E6A}.tmp moved successfully.
C:\Users\julek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{302CE435-F527-44E5-BF53-BF9DFD30881B}.tmp moved successfully.
C:\Users\julek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7163D880-081D-4143-85B4-8EF5B4F5DA79}.tmp moved successfully.
C:\Users\julek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EAD2FCBE-B460-44B3-9AB4-0047B5F97E8F}.tmp moved successfully.
File C:\Users\julek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7C388D48.jpeg not found!
File C:\Users\julek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A331DCA9.jpeg not found!

Registry entries deleted on Reboot...


A tady je LOG z RSIT po restartu:


Logfile of random's system information tool 1.09 (written by random/random)
Run by julek at 2012-06-13 13:33:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 329 GB (76%) free of 432 GB
Total RAM: 3959 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:07, on 13.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\trend micro\julek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BBUpdate - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10444 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
winlogon.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe 25859744
\??\C:\windows\system32\conhost.exe "1711786715-1942879223-1129207843-8805914581349914224-1719925706-1616771247693329366
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\System32\spoolsv.exe
taskeng.exe {F3ACA43F-104D-4900-BB38-8A578B949109}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe"
"taskhost.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\sppsvc.exe
"C:\Users\julek\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\System32\svchost.exe -k secsvcs

======Scheduled tasks folder======

C:\windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-07-22 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2010-05-07 16416360]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-22 521272]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-03-29 2598280]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2009-12-17 4367808]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2009-12-17 6988736]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"Vidalia"=C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe [2011-04-12 5735369]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2012-05-16 11921064]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2011-07-22 910208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2011-07-14 279552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnekeyStudio]
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2009-12-19 776608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [2009-12-22 167008]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2009-12-23 284696]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"4StoryPrePatch"=C:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe [2010-10-20 319488]
"Google Desktop Search"=C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-22 30192]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2012-06-13 13:24:29 ----D---- C:\_OTM
2012-06-13 11:56:46 ----D---- C:\Program Files\trend micro
2012-06-13 11:56:42 ----D---- C:\rsit
2012-06-02 00:15:39 ----SHD---- C:\Config.Msi
2012-05-22 16:41:13 ----D---- C:\Users\julek\AppData\Roaming\Mozilla
2012-05-13 13:26:34 ----A---- C:\windows\system32\DWrite.dll
2012-05-13 13:26:33 ----A---- C:\windows\SYSWOW64\DWrite.dll
2012-05-13 13:26:26 ----A---- C:\windows\system32\ntoskrnl.exe
2012-05-13 13:26:23 ----A---- C:\windows\system32\win32k.sys
2012-05-13 13:26:21 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2012-05-13 13:26:21 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2012-05-13 13:25:17 ----A---- C:\windows\system32\drivers\partmgr.sys
2012-05-13 13:24:38 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-05-05 09:28:33 ----D---- C:\Users\julek\AppData\Roaming\Tor
2012-05-05 09:28:30 ----D---- C:\Users\julek\AppData\Roaming\Vidalia
2012-05-05 09:28:29 ----D---- C:\Program Files (x86)\Vidalia Bundle
2012-04-18 16:24:30 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2012-04-13 03:00:33 ----A---- C:\windows\SYSWOW64\imagehlp.dll
2012-04-13 03:00:33 ----A---- C:\windows\system32\imagehlp.dll
2012-04-13 03:00:33 ----A---- C:\windows\system32\drivers\fs_rec.sys
2012-04-13 03:00:32 ----A---- C:\windows\SYSWOW64\wmi.dll
2012-04-13 03:00:32 ----A---- C:\windows\SYSWOW64\wintrust.dll
2012-04-13 03:00:32 ----A---- C:\windows\system32\wmi.dll
2012-04-13 03:00:32 ----A---- C:\windows\system32\wintrust.dll
2012-04-11 09:30:52 ----A---- C:\windows\system32\mshtml.dll
2012-04-11 09:30:47 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-04-11 09:30:45 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-04-11 09:30:44 ----A---- C:\windows\system32\ieframe.dll
2012-04-11 09:30:43 ----A---- C:\windows\system32\iertutil.dll
2012-04-11 09:30:42 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-04-11 09:30:42 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-04-11 09:30:42 ----A---- C:\windows\system32\urlmon.dll
2012-04-11 09:30:40 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-04-11 09:30:40 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2012-04-11 09:30:40 ----A---- C:\windows\system32\wininet.dll
2012-04-11 09:30:39 ----A---- C:\windows\system32\msfeeds.dll
2012-04-11 09:30:38 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-04-11 09:30:38 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-04-11 09:30:38 ----A---- C:\windows\system32\mshtmled.dll
2012-04-11 09:30:38 ----A---- C:\windows\system32\ieui.dll
2012-04-11 09:30:34 ----A---- C:\windows\SYSWOW64\url.dll
2012-04-11 09:30:34 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-04-11 09:30:34 ----A---- C:\windows\system32\url.dll
2012-04-11 09:30:34 ----A---- C:\windows\system32\jsproxy.dll
2012-04-05 13:30:20 ----D---- C:\Program Files (x86)\MusicJet
2012-04-05 13:30:17 ----HDC---- C:\ProgramData\{FC1948E6-2CB3-4EB8-B0D7-0C24497C7762}
2012-03-22 21:12:12 ----A---- C:\windows\SYSWOW64\GPhotos.scr
2012-03-14 10:19:42 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-03-14 10:19:41 ----A---- C:\windows\system32\rdpwsx.dll
2012-03-14 10:19:41 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-03-14 10:18:53 ----A---- C:\windows\system32\rdpcore.dll
2012-03-14 10:18:52 ----A---- C:\windows\SYSWOW64\rdpcore.dll
2012-03-14 10:18:52 ----A---- C:\windows\system32\drivers\tdtcp.sys
2012-03-14 10:18:52 ----A---- C:\windows\system32\drivers\rdpwd.sys

======List of files/folders modified in the last 3 months======

2012-06-13 13:32:42 ----D---- C:\windows\Tasks
2012-06-13 13:32:18 ----D---- C:\windows\Temp
2012-06-13 13:30:42 ----D---- C:\windows\system32\config
2012-06-13 13:30:25 ----A---- C:\windows\SYSWOW64\log.txt
2012-06-13 13:28:32 ----D---- C:\windows\SysWOW64
2012-06-13 13:26:50 ----D---- C:\Program Files (x86)\Microsoft
2012-06-13 13:24:31 ----RD---- C:\Program Files (x86)
2012-06-13 13:24:31 ----D---- C:\Program Files (x86)\Google
2012-06-13 11:56:46 ----RD---- C:\Program Files
2012-06-12 15:38:12 ----D---- C:\windows\Prefetch
2012-06-08 16:30:44 ----SHD---- C:\System Volume Information
2012-06-07 09:26:33 ----D---- C:\windows\System32
2012-06-07 09:26:33 ----D---- C:\windows\inf
2012-06-07 09:26:33 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-06-06 20:56:37 ----D---- C:\windows\system32\NDF
2012-06-05 03:00:51 ----D---- C:\windows\system32\catroot
2012-06-02 00:15:53 ----SHD---- C:\windows\Installer
2012-06-01 13:20:51 ----D---- C:\windows\system32\catroot2
2012-05-27 08:54:47 ----D---- C:\windows\Minidump
2012-05-27 08:54:42 ----D---- C:\Windows
2012-05-18 11:13:49 ----D---- C:\ProgramData\Microsoft Help
2012-05-14 11:09:36 ----D---- C:\windows\Microsoft.NET
2012-05-14 11:09:35 ----RSD---- C:\windows\assembly
2012-05-14 10:46:31 ----D---- C:\windows\winsxs
2012-05-14 10:45:07 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 10:44:13 ----D---- C:\windows\system32\drivers
2012-05-14 10:25:42 ----A---- C:\windows\system32\MRT.exe
2012-05-14 10:09:26 ----D---- C:\Program Files\Windows Journal
2012-04-13 03:21:51 ----D---- C:\windows\SYSWOW64\migration
2012-04-13 03:21:51 ----D---- C:\windows\system32\migration
2012-04-13 03:21:51 ----D---- C:\Program Files\Internet Explorer
2012-04-13 03:21:51 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-05 13:30:17 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BMLoad;Bytemobile Boot Time Load Driver; C:\windows\system32\drivers\BMLoad.sys [2012-01-07 16512]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-03-07 53080]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-03-07 819032]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-03-07 337240]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-03-07 59224]
R1 tcpipBM;Bytemobile Kernel Network Provider; \??\C:\windows\system32\drivers\tcpipBM.sys [2012-01-07 39552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-03-07 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-02-02 3058168]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 Cam5607;Lenovo EasyCamera ; C:\windows\System32\Drivers\BisonC07.sys [2010-04-20 1270896]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-03-26 162304]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 86016]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum; C:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
S3 androidusb;ADB Interface Driver; C:\windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 Bridge0;Bridge0; C:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-12 117248]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys [2011-07-12 415744]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2011-07-12 220032]
S3 hwusbfake;Huawei DataCard USB Fake; C:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-03-12 242720]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 151656]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary; C:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 122624]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-08-11 864032]
R2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-04 194104]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-05-07 392296]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R2 VmbService;Vodafone Mobile Connect Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
S2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 136176]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter; C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs []
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-22 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 136176]
S3 IGRS;IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service; C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs []
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-06-11 1255736]

-----------------EOF-----------------

Mám podezření na konkrétní osobu, potřeboval bych vědět kdo a kdy mi to tam nainstaloval a kam data z mého PC jdou, pokud je to možné zjistit. Předem moc děkuji.

Dvouklikem na soubor C:\Program Files\trend micro\julek.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

Klikněte na >FixChecked< a restartujte PC.

Hotovo, log z RSIT je ted nasledujici, co teď? Zjistím jestli a kam data odchazela?

Logfile of random's system information tool 1.09 (written by random/random)
Run by julek at 2012-06-13 23:04:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 329 GB (76%) free of 432 GB
Total RAM: 3959 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:05:01, on 13.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe
C:\Program Files (x86)\Vidalia Bundle\Polipo\polipo.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\julek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\julek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BBUpdate - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11171 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
winlogon.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe 21742352
\??\C:\windows\system32\conhost.exe "1864005432-50135136735541370-313771245-108694504917658315821800355499-584689626
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\System32\spoolsv.exe
taskeng.exe {89BB93A2-43EF-4515-9CB9-F691839671FB}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe"
"taskhost.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Vidalia Bundle\Tor\tor.exe" -f C:\Users\julek\AppData\Roaming\Vidalia\torrc ControlPort 9051 HashedControlPassword 16:B51B42728590594460D5E03376745E7C09F092F3671DBA07ACD1BE9536
"C:\Program Files (x86)\Vidalia Bundle\Polipo\polipo.exe" -c "C:\Program Files (x86)\Vidalia Bundle\Polipo\polipo.conf"
\??\C:\windows\system32\conhost.exe "182865328020985928662112268427-19641129771018284700245696328-782737560-1416676427
\??\C:\windows\system32\conhost.exe "1513570373-1727899164147702421-185688436981854650513688752572115217673-2095032140
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/4/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4536.0.747341704\1979049869" /prefetch:3
C:\windows\system32\wbem\wmiprvse.exe
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/4/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4536.1.542672303\1680093433" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/4/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --extension-process --renderer-print-preview --channel="4536.2.2050879200\1344868723" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/4/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="4536.3.2099924537\1989649707" /prefetch:3
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4536.4.609168748\1806926333" /prefetch:12
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/4/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="4536.5.1101165971\52174245" /prefetch:3
C:\windows\system32\rundll32.exe "C:\Users\julek\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\julek\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll" --lang=cs --channel="4536.6.1388732931\1468558442" --flash-broker=5264 /prefetch:4
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\julek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll" --lang=cs --channel="4536.7.372713114\29742906" /prefetch:4
"C:\Users\julek\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
C:\windows\sysWOW64\wbem\wmiprvse.exe -Embedding
"C:\Users\julek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=ComodoDNSExperiment/inactive/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Hidden/OmniboxPrerenderHitWeightingTrial/OmniboxPrerenderWeight1.0/OmniboxSearchSuggest/4/PepperFlash/DisableByDefault/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndMin10/SpdyImpact/npn_with_spdy/WarmSocketImpact/warmest_socket/WebStoreLinkExperiment/FooterLink/ --renderer-print-preview --channel="4536.8.1314567387\786522462" /prefetch:3
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\WmiApSrv.exe
"C:\windows\System32\osk.exe"
"C:\Users\julek\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-07-22 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-03-07 1211776]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2010-05-07 16416360]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-22 521272]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-03-29 2598280]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [2009-12-17 4367808]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2009-12-17 6988736]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\julek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 136176]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"Vidalia"=C:\Program Files (x86)\Vidalia Bundle\Vidalia\vidalia.exe [2011-04-12 5735369]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2012-05-16 11921064]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2011-07-22 910208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [2011-07-14 279552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnekeyStudio]
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2009-12-19 776608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeriFaceManager]
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [2009-12-22 167008]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2009-12-23 284696]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"4StoryPrePatch"=C:\Program Files (x86)\Gameforge4D\4Story\PrePatch.exe [2010-10-20 319488]
"Google Desktop Search"=C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-22 30192]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2012-06-13 13:24:29 ----D---- C:\_OTM
2012-06-13 11:56:46 ----D---- C:\Program Files\trend micro
2012-06-13 11:56:42 ----D---- C:\rsit
2012-06-02 00:15:39 ----SHD---- C:\Config.Msi
2012-05-22 16:41:13 ----D---- C:\Users\julek\AppData\Roaming\Mozilla
2012-05-13 13:26:34 ----A---- C:\windows\system32\DWrite.dll
2012-05-13 13:26:33 ----A---- C:\windows\SYSWOW64\DWrite.dll
2012-05-13 13:26:26 ----A---- C:\windows\system32\ntoskrnl.exe
2012-05-13 13:26:23 ----A---- C:\windows\system32\win32k.sys
2012-05-13 13:26:21 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2012-05-13 13:26:21 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2012-05-13 13:25:17 ----A---- C:\windows\system32\drivers\partmgr.sys
2012-05-13 13:24:38 ----A---- C:\windows\system32\drivers\tcpip.sys
2012-05-05 09:28:33 ----D---- C:\Users\julek\AppData\Roaming\Tor
2012-05-05 09:28:30 ----D---- C:\Users\julek\AppData\Roaming\Vidalia
2012-05-05 09:28:29 ----D---- C:\Program Files (x86)\Vidalia Bundle
2012-04-18 16:24:30 ----A---- C:\windows\system32\drivers\aswRdr2.sys
2012-04-13 03:00:33 ----A---- C:\windows\SYSWOW64\imagehlp.dll
2012-04-13 03:00:33 ----A---- C:\windows\system32\imagehlp.dll
2012-04-13 03:00:33 ----A---- C:\windows\system32\drivers\fs_rec.sys
2012-04-13 03:00:32 ----A---- C:\windows\SYSWOW64\wmi.dll
2012-04-13 03:00:32 ----A---- C:\windows\SYSWOW64\wintrust.dll
2012-04-13 03:00:32 ----A---- C:\windows\system32\wmi.dll
2012-04-13 03:00:32 ----A---- C:\windows\system32\wintrust.dll
2012-04-11 09:30:52 ----A---- C:\windows\system32\mshtml.dll
2012-04-11 09:30:47 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-04-11 09:30:45 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-04-11 09:30:44 ----A---- C:\windows\system32\ieframe.dll
2012-04-11 09:30:43 ----A---- C:\windows\system32\iertutil.dll
2012-04-11 09:30:42 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-04-11 09:30:42 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-04-11 09:30:42 ----A---- C:\windows\system32\urlmon.dll
2012-04-11 09:30:40 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-04-11 09:30:40 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2012-04-11 09:30:40 ----A---- C:\windows\system32\wininet.dll
2012-04-11 09:30:39 ----A---- C:\windows\system32\msfeeds.dll
2012-04-11 09:30:38 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-04-11 09:30:38 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-04-11 09:30:38 ----A---- C:\windows\system32\mshtmled.dll
2012-04-11 09:30:38 ----A---- C:\windows\system32\ieui.dll
2012-04-11 09:30:34 ----A---- C:\windows\SYSWOW64\url.dll
2012-04-11 09:30:34 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-04-11 09:30:34 ----A---- C:\windows\system32\url.dll
2012-04-11 09:30:34 ----A---- C:\windows\system32\jsproxy.dll
2012-04-05 13:30:20 ----D---- C:\Program Files (x86)\MusicJet
2012-04-05 13:30:17 ----HDC---- C:\ProgramData\{FC1948E6-2CB3-4EB8-B0D7-0C24497C7762}
2012-03-22 21:12:12 ----A---- C:\windows\SYSWOW64\GPhotos.scr
2012-03-14 10:19:42 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-03-14 10:19:41 ----A---- C:\windows\system32\rdpwsx.dll
2012-03-14 10:19:41 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-03-14 10:18:53 ----A---- C:\windows\system32\rdpcore.dll
2012-03-14 10:18:52 ----A---- C:\windows\SYSWOW64\rdpcore.dll
2012-03-14 10:18:52 ----A---- C:\windows\system32\drivers\tdtcp.sys
2012-03-14 10:18:52 ----A---- C:\windows\system32\drivers\rdpwd.sys

======List of files/folders modified in the last 3 months======

2012-06-13 23:04:52 ----D---- C:\windows\Temp
2012-06-13 22:58:55 ----D---- C:\windows\system32\config
2012-06-13 22:57:56 ----A---- C:\windows\SYSWOW64\log.txt
2012-06-13 13:32:42 ----D---- C:\windows\Tasks
2012-06-13 13:28:32 ----D---- C:\windows\SysWOW64
2012-06-13 13:26:50 ----D---- C:\Program Files (x86)\Microsoft
2012-06-13 13:24:31 ----RD---- C:\Program Files (x86)
2012-06-13 13:24:31 ----D---- C:\Program Files (x86)\Google
2012-06-13 11:56:46 ----RD---- C:\Program Files
2012-06-12 15:38:12 ----D---- C:\windows\Prefetch
2012-06-08 16:30:44 ----SHD---- C:\System Volume Information
2012-06-07 09:26:33 ----D---- C:\windows\System32
2012-06-07 09:26:33 ----D---- C:\windows\inf
2012-06-07 09:26:33 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-06-06 20:56:37 ----D---- C:\windows\system32\NDF
2012-06-05 03:00:51 ----D---- C:\windows\system32\catroot
2012-06-02 00:15:53 ----SHD---- C:\windows\Installer
2012-06-01 13:20:51 ----D---- C:\windows\system32\catroot2
2012-05-27 08:54:47 ----D---- C:\windows\Minidump
2012-05-27 08:54:42 ----D---- C:\Windows
2012-05-18 11:13:49 ----D---- C:\ProgramData\Microsoft Help
2012-05-14 11:09:36 ----D---- C:\windows\Microsoft.NET
2012-05-14 11:09:35 ----RSD---- C:\windows\assembly
2012-05-14 10:46:31 ----D---- C:\windows\winsxs
2012-05-14 10:45:07 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 10:44:13 ----D---- C:\windows\system32\drivers
2012-05-14 10:25:42 ----A---- C:\windows\system32\MRT.exe
2012-05-14 10:09:26 ----D---- C:\Program Files\Windows Journal
2012-04-13 03:21:51 ----D---- C:\windows\SYSWOW64\migration
2012-04-13 03:21:51 ----D---- C:\windows\system32\migration
2012-04-13 03:21:51 ----D---- C:\Program Files\Internet Explorer
2012-04-13 03:21:51 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-05 13:30:17 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BMLoad;Bytemobile Boot Time Load Driver; C:\windows\system32\drivers\BMLoad.sys [2012-01-07 16512]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-03-07 53080]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-03-07 819032]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-03-07 337240]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-03-07 59224]
R1 tcpipBM;Bytemobile Kernel Network Provider; \??\C:\windows\system32\drivers\tcpipBM.sys [2012-01-07 39552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-03-07 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-02-02 3058168]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 Cam5607;Lenovo EasyCamera ; C:\windows\System32\Drivers\BisonC07.sys [2010-04-20 1270896]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2010-01-18 717368]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-03-26 162304]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-07-12 86016]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 vodafone_K3805-z_dc_enum;vodafone_K3805-z_dc_enum; C:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdmirror;wdmirror; C:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
S3 androidusb;ADB Interface Driver; C:\windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 Bridge0;Bridge0; C:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-07-12 117248]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\windows\system32\DRIVERS\ewusbnet.sys [2011-07-12 415744]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2011-07-12 220032]
S3 hwusbfake;Huawei DataCard USB Fake; C:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-03-12 242720]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys [2008-08-06 151656]
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary; C:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 122624]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-08-11 864032]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-12-09 268824]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-05-07 392296]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
R2 VmbService;Vodafone Mobile Connect Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-07-14 9216]
S2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 136176]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-04 194104]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter; C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs []
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-22 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-20 136176]
S3 IGRS;IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PS_MDP;ReadyComm Presentation Space Helper Service; C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs []
S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-06-11 1255736]

-----------------EOF-----------------

Zjistím jestli a kam data odchazela?

To zjistíme těžko. Důležité je, zda si již tak něděje. Log již vypadá OK.

Opravdové díky, nedovedete si představit, jak jste mi pomohl. Určitě musím podpořit tento web, kdo by také dělal podobné služby zdarma. Jen se ještě zkusím doptat, opravdu bych potřeboval vědět to jakýmkoliv způsobem kam a jaká data odešla, nepomůžete mi s tím ještě nějak?

mira_ píše:Opravdové díky, nedovedete si představit, jak jste mi pomohl. Určitě musím podpořit tento web, kdo by také dělal podobné služby zdarma. Jen se ještě zkusím doptat, opravdu bych potřeboval vědět to jakýmkoliv způsobem kam a jaká data odešla, nepomůžete mi s tím ještě nějak?

Trochu to upřesním. Stisky klávesnice lze sledovat tzv. keyloggerem. Na nic podobného jsem ve vašem PC nenarazil. Tím pádem nejsem schopen zjistit, jakou cestou se vaše data dostala ven a už vůbec ne, jaká. Z PC jsme vyhodili toolbary, což jsou lišty v prohlížeči, které zpomalují jeho chod. Nenarazil jsem ani na backdoor (trojan, který umožňuje komunikovat s počítačem zvenku). Takže opravdu nemám tušení, jak mohla data uniknout. Napadá mi snad jediné - prolomení hesla do systému. Takže doporučím změnit a nejlépe změnit všechna hesla, která v PC máte uložena.

len doplnim kolegu:
data mohla unikat aj legalnou cestou
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
napr.cez TV7 ,,,

Děkuji za info, trpělivost a cenné rady + pomoc. Díky!

I za JaRona: Nemáte zač!