Internet slows down after a few minutes :/
Posted: 14 Oct 2012 20:51
Good evening. I would like to ask you for advice. After I turn on the computer, everything seems fine until (after about 5 minutes) I watch the number of received bytes and see that there are far too many. The ping after restarting the PC is fine, 30, but after about 30 minutes it climbs to 100, and after 1 hour it is already 200, which is unbearable. There is probably a virus causing trouble here, one that downloads more viruses and faulty source code. Could I ask you to take a look at my RSIT log? I have been trying to fix this all day without success and I am really at my wit's end, please help.
......It might be worth adding that about a week ago I found a virus that was rewriting my hosts file (located in C:\Windows\System32\drivers\etc) and was also randomly changing the DNS server address. After some time (about 3 hours) I somehow fixed it, at least at first glance, so now it looks like that is probably not the case after all.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Ondrej at 2012-10-14 21:45:05
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 228 GB (48%) free of 477 GB
Total RAM: 4094 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:45:14, on 14.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Clownfish\Clownfish.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe
C:\Program Files\trend micro\Ondrej.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - (no file)
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-21-818844184-144965152-1167717117-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-818844184-144965152-1167717117-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
O8 - Extra context menu item: &D&escargar &con BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&escargar todo con BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8C720E5-138E-4046-9CC3-4C3C7D0F137B}: NameServer = 212.158.128.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - http://www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12143 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Clownfish\Clownfish.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\LOLReplay\LOLRecorder.exe" -minimize
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
"C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe" -Customer=ACR -startup_folder -DT_Startup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3608.cd88800.313960207 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 3608 "\\.\pipe\gecko-crash-server-pipe.3608" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe" --proxy-stub-channel=Flash4436.62803A90.41 --host-broker-channel=Flash4436.62803A90.18467 --host-pid=4436 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe" --channel=4648.0014F480.1876286066 --proxy-stub-channel=Flash4436.62803A90.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe" "C:\Users\Ondrej\Desktop\Elita\Lana-Del-Rey-Born-To-Die.mp3"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
C:\Windows\servicing\TrustedInstaller.exe
"C:\Users\Ondrej\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://www.google.com/search?btnI=I%27m ... e=UTF-8&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIBitCometAgent.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npBitCometAgent.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\extensions\
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-04 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-04 157672]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 4081008]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Clownfish"=C:\Program Files (x86)\Clownfish\Clownfish.exe [2012-09-27 1122040]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2011-03-17 3373456]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-03-17 19872]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2011-03-17 896912]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-09-25 1242448]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PivotSoftware"=C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe [2009-03-03 694824]
"DT ACR"=C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [2010-04-30 96880]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-15 375000]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
LOLRecorder.lnk - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-05-29 249344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousUserGroupPolicy"=0
"SynchronousMachineGroupPolicy"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Downloads\Borderlands.2-SKIDROW\Borderlands.2.Update.3-SKIDROW\Borderlands.2.Update.3.exe"="C:\Downloads\Borderlands.2-SKIDROW\Borderlands.2.Update.3-SKIDROW\Borderlands.2.Update.3.exe:*:Enabled:Windows Messanger"
"C:\Users\Ondrej\AppData\Roaming\RNN1GHJKIG.exe"="C:\Users\Ondrej\AppData\Roaming\RNN1GHJKIG.exe:*:Enabled:Windows Messanger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.ffds"=ff_vfw.dll
"vidc.lags"=lagarith.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2012-10-14 21:45:05 ----D---- C:\Program Files\trend micro
2012-10-14 21:25:21 ----SHD---- C:\$RECYCLE.BIN
2012-10-14 21:19:09 ----SD---- C:\ComboFix
2012-10-14 20:47:21 ----A---- C:\AdwCleaner[S2].txt
2012-10-14 20:46:10 ----A---- C:\AdwCleaner[R2].txt
2012-10-14 20:41:27 ----A---- C:\AdwCleaner[R1].txt
2012-10-14 17:12:07 ----D---- C:\Program Files\CCleaner
2012-10-14 16:55:04 ----D---- C:\rsit
2012-10-14 16:55:04 ----D---- C:\Program Files (x86)\trend micro
2012-10-14 15:56:47 ----D---- C:\Users\Ondrej\AppData\Roaming\Malwarebytes
2012-10-14 15:29:59 ----A---- C:\Windows\zip.exe
2012-10-14 15:29:59 ----A---- C:\Windows\SWSC.exe
2012-10-14 15:29:59 ----A---- C:\Windows\SWREG.exe
2012-10-14 15:29:59 ----A---- C:\Windows\sed.exe
2012-10-14 15:29:59 ----A---- C:\Windows\PEV.exe
2012-10-14 15:29:59 ----A---- C:\Windows\MBR.exe
2012-10-14 15:29:59 ----A---- C:\Windows\grep.exe
2012-10-14 15:29:16 ----D---- C:\Qoobox
2012-10-14 15:28:59 ----D---- C:\Windows\erdnt
2012-10-12 21:30:23 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-10-12 21:30:23 ----A---- C:\Windows\system32\kerberos.dll
2012-10-12 21:30:05 ----A---- C:\Windows\system32\crypt32.dll
2012-10-12 21:30:04 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-10-12 21:30:04 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-10-12 21:30:04 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-10-12 21:30:04 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-12 21:30:04 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-12 21:29:27 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-10-12 21:29:27 ----A---- C:\Windows\system32\tzres.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\user.exe
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-10-12 21:28:34 ----A---- C:\Windows\system32\wow64win.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\wow64cpu.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\wow64.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\winsrv.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\ntvdm64.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\kernel32.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\conhost.exe
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-12 21:27:24 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-10-12 21:27:24 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-10-12 21:27:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-12 21:27:07 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-10-12 21:27:07 ----A---- C:\Windows\system32\wintrust.dll
2012-10-12 21:26:58 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-12 20:05:39 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-09 17:34:28 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-10-09 17:34:28 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvopencl.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvhdap64.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvcuvid.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvcuda.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\nvoglv64.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\nvinitx.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\nvdispgenco64.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\nvcompiler.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-10-09 17:34:26 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2012-10-09 17:09:33 ----D---- C:\Program Files\Common Files\Macrovision Shared
2012-10-09 17:08:36 ----D---- C:\Users\Ondrej\AppData\Roaming\Autodesk
2012-10-09 17:08:36 ----D---- C:\ProgramData\Autodesk
2012-10-09 17:08:36 ----D---- C:\Program Files\Common Files\Autodesk Shared
2012-10-09 17:08:36 ----D---- C:\Program Files\AutoCAD 2010
2012-10-07 14:06:43 ----D---- C:\Program Files (x86)\LOLReplay
2012-10-05 13:42:42 ----D---- C:\$WINDOWS.~BT
2012-10-03 20:54:06 ----D---- C:\Program Files (x86)\2K Games
2012-10-02 22:09:10 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2012-10-02 22:08:50 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2012-10-02 22:08:38 ----D---- C:\Program Files\Oracle
2012-10-02 20:04:14 ----D---- C:\Users\Ondrej\AppData\Roaming\SpeedyPC Software
2012-10-02 20:04:14 ----D---- C:\Users\Ondrej\AppData\Roaming\DriverCure
2012-10-02 19:11:37 ----D---- C:\Users\Ondrej\AppData\Roaming\Anvisoft
2012-10-02 19:10:49 ----D---- C:\ProgramData\Anvisoft
2012-10-02 19:10:47 ----D---- C:\Program Files (x86)\Anvisoft
2012-10-02 18:58:54 ----A---- C:\TDSSKiller.2.8.10.0_02.10.2012_18.58.54_log.txt
2012-10-02 18:17:01 ----D---- C:\Program Files\Enigma Software Group
2012-10-02 18:16:25 ----D---- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\mshtmled.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\mshtml.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\msfeeds.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\ieui.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\ieframe.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-10-02 17:12:32 ----A---- C:\Windows\system32\wininet.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\vbscript.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\urlmon.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\jsproxy.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\jscript9.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\jscript.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\ieUnatt.exe
2012-10-02 17:12:31 ----A---- C:\Windows\SYSWOW64\url.dll
2012-10-02 17:12:31 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-10-02 17:12:31 ----A---- C:\Windows\system32\url.dll
2012-10-02 17:12:31 ----A---- C:\Windows\system32\iertutil.dll
2012-10-02 17:11:45 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-10-02 17:11:23 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2012-10-02 17:11:23 ----A---- C:\Windows\system32\d3d10level9.dll
2012-10-02 17:10:46 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-10-02 17:10:46 ----A---- C:\Windows\system32\drivers\netio.sys
2012-10-02 17:10:46 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-10-02 17:10:28 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-10-02 17:10:28 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-10-02 17:10:08 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-10-02 17:10:08 ----A---- C:\Windows\system32\win32spl.dll
2012-10-02 17:10:08 ----A---- C:\Windows\system32\spoolsv.exe
2012-10-02 17:10:08 ----A---- C:\Windows\splwow64.exe
2012-10-02 17:09:50 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-10-02 17:09:50 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-10-02 17:09:50 ----A---- C:\Windows\system32\netapi32.dll
2012-10-02 17:09:50 ----A---- C:\Windows\system32\browser.dll
2012-10-02 17:09:50 ----A---- C:\Windows\system32\browcli.dll
2012-10-02 17:09:02 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-10-02 17:09:02 ----A---- C:\Windows\system32\srcore.dll
2012-10-02 17:08:48 ----A---- C:\Windows\system32\localspl.dll
2012-10-02 17:08:33 ----A---- C:\Windows\system32\win32k.sys
2012-10-02 17:08:18 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-10-02 17:08:18 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-10-02 17:08:18 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-10-02 17:08:18 ----A---- C:\Windows\system32\msxml6.dll
2012-10-02 17:08:18 ----A---- C:\Windows\system32\msxml3r.dll
2012-10-02 17:08:18 ----A---- C:\Windows\system32\msxml3.dll
2012-10-02 17:07:07 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-10-02 17:07:07 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-10-02 17:07:07 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-10-02 17:07:07 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-10-02 17:07:07 ----A---- C:\Windows\system32\schannel.dll
2012-10-02 17:07:07 ----A---- C:\Windows\system32\ncrypt.dll
2012-10-02 17:07:07 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-10-02 17:07:07 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-10-02 17:07:07 ----A---- C:\Windows\system32\drivers\cng.sys
2012-10-02 17:06:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-10-02 17:06:46 ----A---- C:\Windows\system32\shell32.dll
2012-10-02 17:06:26 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-10-02 17:06:26 ----A---- C:\Windows\system32\cdosys.dll
2012-10-02 17:05:54 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-10-02 17:05:54 ----A---- C:\Windows\system32\rdpwsx.dll
2012-10-02 17:05:54 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-10-02 17:05:47 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-10-02 17:05:47 ----A---- C:\Windows\system32\qdvd.dll
2012-10-02 17:05:39 ----A---- C:\Windows\system32\rdpcorets.dll
2012-10-02 17:05:39 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-10-02 17:01:52 ----A---- C:\Windows\system32\profsvc.dll
2012-10-02 17:01:44 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-10-02 17:01:44 ----A---- C:\Windows\system32\msi.dll
2012-10-02 16:48:11 ----A---- C:\Windows\system32\RegistryDefragBootTime.exe
2012-10-02 16:36:36 ----D---- C:\ProgramData\IObit
2012-10-02 16:33:55 ----D---- C:\Users\Ondrej\AppData\Roaming\IObit
2012-10-02 16:33:54 ----D---- C:\Program Files (x86)\IObit
2012-10-02 16:33:30 ----D---- C:\Program Files\IObit
2012-09-29 12:55:44 ----D---- C:\ProgramData\ESET
2012-09-29 12:55:44 ----D---- C:\Program Files\ESET
2012-09-26 18:47:31 ----D---- C:\Windows\SYSWOW64\C2MP
2012-09-24 20:36:32 ----D---- C:\Users\Ondrej\AppData\Roaming\Soldat
2012-09-24 20:05:53 ----D---- C:\Program Files (x86)\Payday The Heist
2012-09-24 19:40:39 ----D---- C:\Program Files (x86)\Steam
2012-09-24 17:48:24 ----D---- C:\Program Files (x86)\Tunngle
2012-09-18 20:59:10 ----D---- C:\Program Files (x86)\Left 4 Dead 2
2012-09-17 18:34:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-09-17 18:14:28 ----D---- C:\Program Files (x86)\Borland
2012-09-17 18:10:51 ----D---- C:\Program Files (x86)\Microsoft Visual Studio .NET 2003
2012-09-16 12:44:27 ----D---- C:\Program Files (x86)\GeoGebra
======List of files/folders modified in the last 1 month======
2012-10-14 21:45:07 ----D---- C:\Windows\Temp
2012-10-14 21:45:05 ----RD---- C:\Program Files
2012-10-14 21:44:27 ----D---- C:\Windows\system32\config
2012-10-14 21:43:29 ----D---- C:\Windows\System32
2012-10-14 21:43:29 ----D---- C:\Windows\inf
2012-10-14 21:43:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-14 21:39:50 ----D---- C:\Users\Ondrej\AppData\Roaming\Skype
2012-10-14 21:37:18 ----D---- C:\Windows
2012-10-14 21:37:17 ----D---- C:\ProgramData\NVIDIA
2012-10-14 21:08:21 ----D---- C:\Windows\system32\drivers
2012-10-14 21:02:59 ----A---- C:\Windows\system.ini
2012-10-14 21:02:49 ----D---- C:\Windows\system32\drivers\etc
2012-10-14 20:59:30 ----D---- C:\Windows\SYSWOW64\drivers
2012-10-14 20:59:30 ----D---- C:\Windows\SysWOW64
2012-10-14 20:59:30 ----D---- C:\Windows\AppPatch
2012-10-14 20:59:30 ----D---- C:\Program Files (x86)\Common Files
2012-10-14 17:45:21 ----D---- C:\ProgramData
2012-10-14 17:29:16 ----RD---- C:\Program Files (x86)
2012-10-14 17:21:44 ----D---- C:\Windows\system32\catroot2
2012-10-14 17:14:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-10-14 17:14:17 ----D---- C:\Users\Ondrej\AppData\Roaming\TS3Client
2012-10-14 17:13:56 ----D---- C:\Windows\Logs
2012-10-14 17:13:56 ----D---- C:\Windows\debug
2012-10-14 17:12:09 ----D---- C:\Windows\system32\Tasks
2012-10-14 15:30:23 ----SHD---- C:\System Volume Information
2012-10-14 14:36:23 ----D---- C:\Windows\system32\NDF
2012-10-14 12:03:21 ----D---- C:\Program Files (x86)\SpeedFan
2012-10-14 11:52:36 ----D---- C:\ProgramData\TrackMania
2012-10-13 16:51:09 ----D---- C:\Users\Ondrej\AppData\Roaming\BitComet
2012-10-13 08:28:05 ----D---- C:\Windows\winsxs
2012-10-12 22:20:46 ----D---- C:\Windows\SYSWOW64\es-ES
2012-10-12 22:20:46 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-10-12 22:20:46 ----D---- C:\Windows\system32\es-ES
2012-10-12 22:20:46 ----D---- C:\Windows\system32\cs-CZ
2012-10-12 21:30:22 ----D---- C:\Windows\system32\catroot
2012-10-12 21:23:24 ----D---- C:\Users\Ondrej\AppData\Roaming\DAEMON Tools Lite
2012-10-12 20:31:08 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-12 16:17:08 ----D---- C:\Downloads
2012-10-12 14:58:57 ----D---- C:\Users\Ondrej\AppData\Roaming\GarenaPlus
2012-10-12 14:58:56 ----D---- C:\ProgramData\GarenaMessenger
2012-10-11 14:59:33 ----SD---- C:\Users\Ondrej\AppData\Roaming\Microsoft
2012-10-09 17:38:00 ----SHD---- C:\Windows\Installer
2012-10-09 17:37:57 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-10-09 17:37:12 ----D---- C:\Windows\system32\DriverStore
2012-10-09 17:35:53 ----D---- C:\Temp
2012-10-09 17:35:16 ----D---- C:\Program Files\NVIDIA Corporation
2012-10-09 17:11:16 ----RSD---- C:\Windows\assembly
2012-10-09 17:11:16 ----D---- C:\Windows\Microsoft.NET
2012-10-09 17:10:56 ----D---- C:\Windows\Downloaded Program Files
2012-10-09 17:10:44 ----D---- C:\Windows\Help
2012-10-09 17:09:33 ----D---- C:\Program Files\Common Files
2012-10-09 17:09:11 ----RSD---- C:\Windows\Fonts
2012-10-04 15:16:32 ----D---- C:\Windows\rescache
2012-10-03 21:04:44 ----D---- C:\ProgramData\Tunngle
2012-10-03 20:51:05 ----D---- C:\Users\Ondrej\AppData\Roaming\NVIDIA
2012-10-03 18:42:32 ----D---- C:\Users\Ondrej\AppData\Roaming\Tunngle
2012-10-02 22:09:10 ----DC---- C:\Windows\system32\DRVSTORE
2012-10-02 20:27:55 ----D---- C:\Windows\Tasks
2012-10-02 20:19:49 ----D---- C:\Windows\SYSWOW64\migration
2012-10-02 20:19:49 ----D---- C:\Windows\system32\migration
2012-10-02 20:19:49 ----D---- C:\Program Files\Internet Explorer
2012-10-02 20:19:49 ----D---- C:\Program Files (x86)\Internet Explorer
2012-10-02 19:40:49 ----D---- C:\ProgramData\Adobe
2012-10-02 19:37:03 ----D---- C:\Users\Ondrej\AppData\Roaming\DeepBurner
2012-10-02 19:36:49 ----D---- C:\Windows\Panther
2012-10-02 18:45:23 ----D---- C:\Windows\system32\appmgmt
2012-09-29 12:47:43 ----D---- C:\Windows\Prefetch
2012-09-28 21:49:37 ----D---- C:\Program Files (x86)\TERA
2012-09-28 07:44:18 ----D---- C:\Windows\LiveKernelReports
2012-09-28 00:18:28 ----A---- C:\Windows\system32\MRT.exe
2012-09-24 21:05:25 ----D---- C:\Users\Ondrej\AppData\Roaming\Hamachi
2012-09-19 16:42:02 ----D---- C:\Program Files (x86)\Garena Plus
2012-09-18 21:13:40 ----D---- C:\Windows\SYSWOW64\directx
2012-09-18 21:13:33 ----HD---- C:\Windows\msdownld.tmp
2012-09-18 07:37:19 ----D---- C:\Windows\system32\wdi
2012-09-17 18:17:25 ----RD---- C:\Users
2012-09-17 18:16:09 ----D---- C:\ProgramData\Microsoft Help
2012-09-17 18:12:09 ----SD---- C:\ProgramData\Microsoft
2012-09-17 18:10:52 ----D---- C:\Program Files (x86)\Microsoft Office
2012-09-17 18:10:51 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-09-17 18:09:53 ----D---- C:\Windows\Registration
2012-09-17 18:09:38 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-05-29 560184]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-09-13 237400]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-09-13 119640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-16 283200]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-10-14 25640]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-08-05 33344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\system32\DRIVERS\PdiPorts.sys [2009-12-17 20592]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-13 146264]
S1 Uim_IM;Universal Image Mounter Plugin; C:\Windows\System32\Drivers\Uim_IMx64.sys [2010-01-15 158736]
S1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\uimx64.sys [2010-01-15 48144]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 ATICDSDr;ATICDSDr; \??\C:\Users\Ondrej\AppData\Local\Temp\ATICDSDr.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2012-05-29 25640]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2012-05-30 30528]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-11 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-11 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-11 33792]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [2010-04-30 121456]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-12-17 109168]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-07-12 76888]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
S2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-09 1030600]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-29 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
-----------------EOF-----------------


O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - http://www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12143 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Clownfish\Clownfish.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\LOLReplay\LOLRecorder.exe" -minimize
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
"C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe" -Customer=ACR -startup_folder -DT_Startup
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3608.cd88800.313960207 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 3608 "\\.\pipe\gecko-crash-server-pipe.3608" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe" --proxy-stub-channel=Flash4436.62803A90.41 --host-broker-channel=Flash4436.62803A90.18467 --host-pid=4436 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe" --channel=4648.0014F480.1876286066 --proxy-stub-channel=Flash4436.62803A90.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Webteh\BSplayerPro\bsplayer.exe" "C:\Users\Ondrej\Desktop\Elita\Lana-Del-Rey-Born-To-Die.mp3"
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
C:\Windows\servicing\TrustedInstaller.exe
"C:\Users\Ondrej\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://www.google.com/search?btnI=I%27m ... e=UTF-8&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIBitCometAgent.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npBitCometAgent.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Ondrej\AppData\Roaming\Mozilla\Firefox\Profiles\5bh6hcvu.default\extensions\
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-04 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-04 157672]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 4081008]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Clownfish"=C:\Program Files (x86)\Clownfish\Clownfish.exe [2012-09-27 1122040]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2011-03-17 3373456]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-03-17 19872]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2011-03-17 896912]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-09-25 1242448]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PivotSoftware"=C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe [2009-03-03 694824]
"DT ACR"=C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [2010-04-30 96880]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-10-15 375000]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
LOLRecorder.lnk - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2012-05-29 249344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousUserGroupPolicy"=0
"SynchronousMachineGroupPolicy"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=181
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Downloads\Borderlands.2-SKIDROW\Borderlands.2.Update.3-SKIDROW\Borderlands.2.Update.3.exe"="C:\Downloads\Borderlands.2-SKIDROW\Borderlands.2.Update.3-SKIDROW\Borderlands.2.Update.3.exe:*:Enabled:Windows Messanger"
"C:\Users\Ondrej\AppData\Roaming\RNN1GHJKIG.exe"="C:\Users\Ondrej\AppData\Roaming\RNN1GHJKIG.exe:*:Enabled:Windows Messanger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.ffds"=ff_vfw.dll
"vidc.lags"=lagarith.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2012-10-14 21:45:05 ----D---- C:\Program Files\trend micro
2012-10-14 21:25:21 ----SHD---- C:\$RECYCLE.BIN
2012-10-14 21:19:09 ----SD---- C:\ComboFix
2012-10-14 20:47:21 ----A---- C:\AdwCleaner[S2].txt
2012-10-14 20:46:10 ----A---- C:\AdwCleaner[R2].txt
2012-10-14 20:41:27 ----A---- C:\AdwCleaner[R1].txt
2012-10-14 17:12:07 ----D---- C:\Program Files\CCleaner
2012-10-14 16:55:04 ----D---- C:\rsit
2012-10-14 16:55:04 ----D---- C:\Program Files (x86)\trend micro
2012-10-14 15:56:47 ----D---- C:\Users\Ondrej\AppData\Roaming\Malwarebytes
2012-10-14 15:29:59 ----A---- C:\Windows\zip.exe
2012-10-14 15:29:59 ----A---- C:\Windows\SWSC.exe
2012-10-14 15:29:59 ----A---- C:\Windows\SWREG.exe
2012-10-14 15:29:59 ----A---- C:\Windows\sed.exe
2012-10-14 15:29:59 ----A---- C:\Windows\PEV.exe
2012-10-14 15:29:59 ----A---- C:\Windows\MBR.exe
2012-10-14 15:29:59 ----A---- C:\Windows\grep.exe
2012-10-14 15:29:16 ----D---- C:\Qoobox
2012-10-14 15:28:59 ----D---- C:\Windows\erdnt
2012-10-12 21:30:23 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-10-12 21:30:23 ----A---- C:\Windows\system32\kerberos.dll
2012-10-12 21:30:05 ----A---- C:\Windows\system32\crypt32.dll
2012-10-12 21:30:04 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-10-12 21:30:04 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-10-12 21:30:04 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-10-12 21:30:04 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-12 21:30:04 ----A---- C:\Windows\system32\cryptnet.dll
2012-10-12 21:29:27 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-10-12 21:29:27 ----A---- C:\Windows\system32\tzres.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\user.exe
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-10-12 21:28:34 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-10-12 21:28:34 ----A---- C:\Windows\system32\wow64win.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\wow64cpu.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\wow64.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\winsrv.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\ntvdm64.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\kernel32.dll
2012-10-12 21:28:34 ----A---- C:\Windows\system32\conhost.exe
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-12 21:28:33 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-12 21:28:27 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-12 21:28:26 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-12 21:27:24 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-10-12 21:27:24 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-10-12 21:27:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-12 21:27:07 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-10-12 21:27:07 ----A---- C:\Windows\system32\wintrust.dll
2012-10-12 21:26:58 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-12 20:05:39 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-09 17:34:28 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2012-10-09 17:34:28 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvopencl.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvhdap64.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvcuvid.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvcuvenc.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\nvcuda.dll
2012-10-09 17:34:28 ----A---- C:\Windows\system32\drivers\nvhda64v.sys
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2012-10-09 17:34:27 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\nvoglv64.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\nvinitx.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\nvdispgenco64.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\nvcompiler.dll
2012-10-09 17:34:27 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-10-09 17:34:26 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2012-10-09 17:09:33 ----D---- C:\Program Files\Common Files\Macrovision Shared
2012-10-09 17:08:36 ----D---- C:\Users\Ondrej\AppData\Roaming\Autodesk
2012-10-09 17:08:36 ----D---- C:\ProgramData\Autodesk
2012-10-09 17:08:36 ----D---- C:\Program Files\Common Files\Autodesk Shared
2012-10-09 17:08:36 ----D---- C:\Program Files\AutoCAD 2010
2012-10-07 14:06:43 ----D---- C:\Program Files (x86)\LOLReplay
2012-10-05 13:42:42 ----D---- C:\$WINDOWS.~BT
2012-10-03 20:54:06 ----D---- C:\Program Files (x86)\2K Games
2012-10-02 22:09:10 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2012-10-02 22:08:50 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2012-10-02 22:08:38 ----D---- C:\Program Files\Oracle
2012-10-02 20:04:14 ----D---- C:\Users\Ondrej\AppData\Roaming\SpeedyPC Software
2012-10-02 20:04:14 ----D---- C:\Users\Ondrej\AppData\Roaming\DriverCure
2012-10-02 19:11:37 ----D---- C:\Users\Ondrej\AppData\Roaming\Anvisoft
2012-10-02 19:10:49 ----D---- C:\ProgramData\Anvisoft
2012-10-02 19:10:47 ----D---- C:\Program Files (x86)\Anvisoft
2012-10-02 18:58:54 ----A---- C:\TDSSKiller.2.8.10.0_02.10.2012_18.58.54_log.txt
2012-10-02 18:17:01 ----D---- C:\Program Files\Enigma Software Group
2012-10-02 18:16:25 ----D---- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-10-02 17:12:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\mshtmled.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\mshtml.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\msfeeds.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\ieui.dll
2012-10-02 17:12:33 ----A---- C:\Windows\system32\ieframe.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-10-02 17:12:32 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-10-02 17:12:32 ----A---- C:\Windows\system32\wininet.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\vbscript.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\urlmon.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\jsproxy.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\jscript9.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\jscript.dll
2012-10-02 17:12:32 ----A---- C:\Windows\system32\ieUnatt.exe
2012-10-02 17:12:31 ----A---- C:\Windows\SYSWOW64\url.dll
2012-10-02 17:12:31 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-10-02 17:12:31 ----A---- C:\Windows\system32\url.dll
2012-10-02 17:12:31 ----A---- C:\Windows\system32\iertutil.dll
2012-10-02 17:11:45 ----A---- C:\Windows\system32\OxpsConverter.exe
2012-10-02 17:11:23 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2012-10-02 17:11:23 ----A---- C:\Windows\system32\d3d10level9.dll
2012-10-02 17:10:46 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-10-02 17:10:46 ----A---- C:\Windows\system32\drivers\netio.sys
2012-10-02 17:10:46 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-10-02 17:10:28 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-10-02 17:10:28 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-10-02 17:10:08 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-10-02 17:10:08 ----A---- C:\Windows\system32\win32spl.dll
2012-10-02 17:10:08 ----A---- C:\Windows\system32\spoolsv.exe
2012-10-02 17:10:08 ----A---- C:\Windows\splwow64.exe
2012-10-02 17:09:50 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-10-02 17:09:50 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-10-02 17:09:50 ----A---- C:\Windows\system32\netapi32.dll
2012-10-02 17:09:50 ----A---- C:\Windows\system32\browser.dll
2012-10-02 17:09:50 ----A---- C:\Windows\system32\browcli.dll
2012-10-02 17:09:02 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-10-02 17:09:02 ----A---- C:\Windows\system32\srcore.dll
2012-10-02 17:08:48 ----A---- C:\Windows\system32\localspl.dll
2012-10-02 17:08:33 ----A---- C:\Windows\system32\win32k.sys
2012-10-02 17:08:18 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-10-02 17:08:18 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-10-02 17:08:18 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-10-02 17:08:18 ----A---- C:\Windows\system32\msxml6.dll
2012-10-02 17:08:18 ----A---- C:\Windows\system32\msxml3r.dll
2012-10-02 17:08:18 ----A---- C:\Windows\system32\msxml3.dll
2012-10-02 17:07:07 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-10-02 17:07:07 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-10-02 17:07:07 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-10-02 17:07:07 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-10-02 17:07:07 ----A---- C:\Windows\system32\schannel.dll
2012-10-02 17:07:07 ----A---- C:\Windows\system32\ncrypt.dll
2012-10-02 17:07:07 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-10-02 17:07:07 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-10-02 17:07:07 ----A---- C:\Windows\system32\drivers\cng.sys
2012-10-02 17:06:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-10-02 17:06:46 ----A---- C:\Windows\system32\shell32.dll
2012-10-02 17:06:26 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-10-02 17:06:26 ----A---- C:\Windows\system32\cdosys.dll
2012-10-02 17:05:54 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-10-02 17:05:54 ----A---- C:\Windows\system32\rdpwsx.dll
2012-10-02 17:05:54 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-10-02 17:05:47 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2012-10-02 17:05:47 ----A---- C:\Windows\system32\qdvd.dll
2012-10-02 17:05:39 ----A---- C:\Windows\system32\rdpcorets.dll
2012-10-02 17:05:39 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-10-02 17:01:52 ----A---- C:\Windows\system32\profsvc.dll
2012-10-02 17:01:44 ----A---- C:\Windows\SYSWOW64\msi.dll
2012-10-02 17:01:44 ----A---- C:\Windows\system32\msi.dll
2012-10-02 16:48:11 ----A---- C:\Windows\system32\RegistryDefragBootTime.exe
2012-10-02 16:36:36 ----D---- C:\ProgramData\IObit
2012-10-02 16:33:55 ----D---- C:\Users\Ondrej\AppData\Roaming\IObit
2012-10-02 16:33:54 ----D---- C:\Program Files (x86)\IObit
2012-10-02 16:33:30 ----D---- C:\Program Files\IObit
2012-09-29 12:55:44 ----D---- C:\ProgramData\ESET
2012-09-29 12:55:44 ----D---- C:\Program Files\ESET
2012-09-26 18:47:31 ----D---- C:\Windows\SYSWOW64\C2MP
2012-09-24 20:36:32 ----D---- C:\Users\Ondrej\AppData\Roaming\Soldat
2012-09-24 20:05:53 ----D---- C:\Program Files (x86)\Payday The Heist
2012-09-24 19:40:39 ----D---- C:\Program Files (x86)\Steam
2012-09-24 17:48:24 ----D---- C:\Program Files (x86)\Tunngle
2012-09-18 20:59:10 ----D---- C:\Program Files (x86)\Left 4 Dead 2
2012-09-17 18:34:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-09-17 18:14:28 ----D---- C:\Program Files (x86)\Borland
2012-09-17 18:10:51 ----D---- C:\Program Files (x86)\Microsoft Visual Studio .NET 2003
2012-09-16 12:44:27 ----D---- C:\Program Files (x86)\GeoGebra

======List of files/folders modified in the last 1 month======

2012-10-14 21:45:07 ----D---- C:\Windows\Temp
2012-10-14 21:45:05 ----RD---- C:\Program Files
2012-10-14 21:44:27 ----D---- C:\Windows\system32\config
2012-10-14 21:43:29 ----D---- C:\Windows\System32
2012-10-14 21:43:29 ----D---- C:\Windows\inf
2012-10-14 21:43:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-14 21:39:50 ----D---- C:\Users\Ondrej\AppData\Roaming\Skype
2012-10-14 21:37:18 ----D---- C:\Windows
2012-10-14 21:37:17 ----D---- C:\ProgramData\NVIDIA
2012-10-14 21:08:21 ----D---- C:\Windows\system32\drivers
2012-10-14 21:02:59 ----A---- C:\Windows\system.ini
2012-10-14 21:02:49 ----D---- C:\Windows\system32\drivers\etc
2012-10-14 20:59:30 ----D---- C:\Windows\SYSWOW64\drivers
2012-10-14 20:59:30 ----D---- C:\Windows\SysWOW64
2012-10-14 20:59:30 ----D---- C:\Windows\AppPatch
2012-10-14 20:59:30 ----D---- C:\Program Files (x86)\Common Files
2012-10-14 17:45:21 ----D---- C:\ProgramData
2012-10-14 17:29:16 ----RD---- C:\Program Files (x86)
2012-10-14 17:21:44 ----D---- C:\Windows\system32\catroot2
2012-10-14 17:14:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-10-14 17:14:17 ----D---- C:\Users\Ondrej\AppData\Roaming\TS3Client
2012-10-14 17:13:56 ----D---- C:\Windows\Logs
2012-10-14 17:13:56 ----D---- C:\Windows\debug
2012-10-14 17:12:09 ----D---- C:\Windows\system32\Tasks
2012-10-14 15:30:23 ----SHD---- C:\System Volume Information
2012-10-14 14:36:23 ----D---- C:\Windows\system32\NDF
2012-10-14 12:03:21 ----D---- C:\Program Files (x86)\SpeedFan
2012-10-14 11:52:36 ----D---- C:\ProgramData\TrackMania
2012-10-13 16:51:09 ----D---- C:\Users\Ondrej\AppData\Roaming\BitComet
2012-10-13 08:28:05 ----D---- C:\Windows\winsxs
2012-10-12 22:20:46 ----D---- C:\Windows\SYSWOW64\es-ES
2012-10-12 22:20:46 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-10-12 22:20:46 ----D---- C:\Windows\system32\es-ES
2012-10-12 22:20:46 ----D---- C:\Windows\system32\cs-CZ
2012-10-12 21:30:22 ----D---- C:\Windows\system32\catroot
2012-10-12 21:23:24 ----D---- C:\Users\Ondrej\AppData\Roaming\DAEMON Tools Lite
2012-10-12 20:31:08 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-12 16:17:08 ----D---- C:\Downloads
2012-10-12 14:58:57 ----D---- C:\Users\Ondrej\AppData\Roaming\GarenaPlus
2012-10-12 14:58:56 ----D---- C:\ProgramData\GarenaMessenger
2012-10-11 14:59:33 ----SD---- C:\Users\Ondrej\AppData\Roaming\Microsoft
2012-10-09 17:38:00 ----SHD---- C:\Windows\Installer
2012-10-09 17:37:57 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-10-09 17:37:12 ----D---- C:\Windows\system32\DriverStore
2012-10-09 17:35:53 ----D---- C:\Temp
2012-10-09 17:35:16 ----D---- C:\Program Files\NVIDIA Corporation
2012-10-09 17:11:16 ----RSD---- C:\Windows\assembly
2012-10-09 17:11:16 ----D---- C:\Windows\Microsoft.NET
2012-10-09 17:10:56 ----D---- C:\Windows\Downloaded Program Files
2012-10-09 17:10:44 ----D---- C:\Windows\Help
2012-10-09 17:09:33 ----D---- C:\Program Files\Common Files
2012-10-09 17:09:11 ----RSD---- C:\Windows\Fonts
2012-10-04 15:16:32 ----D---- C:\Windows\rescache
2012-10-03 21:04:44 ----D---- C:\ProgramData\Tunngle
2012-10-03 20:51:05 ----D---- C:\Users\Ondrej\AppData\Roaming\NVIDIA
2012-10-03 18:42:32 ----D---- C:\Users\Ondrej\AppData\Roaming\Tunngle
2012-10-02 22:09:10 ----DC---- C:\Windows\system32\DRVSTORE
2012-10-02 20:27:55 ----D---- C:\Windows\Tasks
2012-10-02 20:19:49 ----D---- C:\Windows\SYSWOW64\migration
2012-10-02 20:19:49 ----D---- C:\Windows\system32\migration
2012-10-02 20:19:49 ----D---- C:\Program Files\Internet Explorer
2012-10-02 20:19:49 ----D---- C:\Program Files (x86)\Internet Explorer
2012-10-02 19:40:49 ----D---- C:\ProgramData\Adobe
2012-10-02 19:37:03 ----D---- C:\Users\Ondrej\AppData\Roaming\DeepBurner
2012-10-02 19:36:49 ----D---- C:\Windows\Panther
2012-10-02 18:45:23 ----D---- C:\Windows\system32\appmgmt
2012-09-29 12:47:43 ----D---- C:\Windows\Prefetch
2012-09-28 21:49:37 ----D---- C:\Program Files (x86)\TERA
2012-09-28 07:44:18 ----D---- C:\Windows\LiveKernelReports
2012-09-28 00:18:28 ----A---- C:\Windows\system32\MRT.exe
2012-09-24 21:05:25 ----D---- C:\Users\Ondrej\AppData\Roaming\Hamachi
2012-09-19 16:42:02 ----D---- C:\Program Files (x86)\Garena Plus
2012-09-18 21:13:40 ----D---- C:\Windows\SYSWOW64\directx
2012-09-18 21:13:33 ----HD---- C:\Windows\msdownld.tmp
2012-09-18 07:37:19 ----D---- C:\Windows\system32\wdi
2012-09-17 18:17:25 ----RD---- C:\Users
2012-09-17 18:16:09 ----D---- C:\ProgramData\Microsoft Help
2012-09-17 18:12:09 ----SD---- C:\ProgramData\Microsoft
2012-09-17 18:10:52 ----D---- C:\Program Files (x86)\Microsoft Office
2012-09-17 18:10:51 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-09-17 18:09:53 ----D---- C:\Windows\Registration
2012-09-17 18:09:38 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-05-29 560184]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-09-13 237400]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-09-13 119640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-16 283200]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-10-14 25640]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-08-05 33344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\system32\DRIVERS\PdiPorts.sys [2009-12-17 20592]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-13 131416]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-09-13 146264]
S1 Uim_IM;Universal Image Mounter Plugin; C:\Windows\System32\Drivers\Uim_IMx64.sys [2010-01-15 158736]
S1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\uimx64.sys [2010-01-15 48144]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 ATICDSDr;ATICDSDr; \??\C:\Users\Ondrej\AppData\Local\Temp\ATICDSDr.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 etdrv;etdrv; \??\C:\Windows\etdrv.sys [2012-05-29 25640]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2012-05-30 30528]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-11 17920]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-11 27136]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-11 33792]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [2010-04-30 121456]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-12-17 109168]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-07-12 76888]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
S2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-09 1030600]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-05-29 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------