Pomalé internetové spojení - pokračování

Zpráva

tomasr · #1 Příspěvek od **tomasr** » 23 pro 2012 17:25

Vlákno http://forum.viry.cz/viewtopic.php?f=13&t=126656 je již uzamčené, tak jsem otevřel nopvé. Jelikož mi superantispaware nalezl spoustu infikovaných souborů (mezi nimi i 4 v avastu), tak ještě přikládám log z MBAM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rychetský :: RYCHETSKY-THINK [administrátor]

23.12.2012 17:21:20
mbam-log-2012-12-23 (17-25-11).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 208719
Uplynulý čas: 2 minut, 21 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 18
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\f (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Žádná instrukce nebyla provedena.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Users\Rychetský\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Žádná instrukce nebyla provedena.
C:\Users\Rychetský\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Žádná instrukce nebyla provedena.

Nalezené soubory: 1
C:\Users\Rychetský\AppData\Local\funmoods.crx (PUP.Funmoods) -> Žádná instrukce nebyla provedena.

(konec)

#2 Příspěvek od **Márty84** » 23 pro 2012 18:01

Zdravim

Jsou to zbytky toho, co uz smazal ComboFix. Vsechno to nechte odstranit.

Muzete najit log ze SAS, pripadne se podivat do jeho karanteny a zkopirovat sem co nasel?

tomasr · #3 Příspěvek od **tomasr** » 23 pro 2012 18:40

Také zdravím,
smazal jsem je a sas opět našel tyto věci, ikdyž jsem je až na ten avast smazal. Co by se s tím dalo dělat?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/23/2012 at 06:38 PM

Application Version : 5.6.1014

Core Rules Database Version : 9775
Trace Rules Database Version: 7587

Scan type : Quick Scan
Total Scan Time : 00:02:42

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 794
Memory threats detected : 1
Registry items scanned : 61362
Registry threats detected : 84
File items scanned : 10632
File threats detected : 7

Security.HiJack[ImageFileExecutionOptions]
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\7ZA.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\7ZA.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CONVERTINKSTORE.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CONVERTINKSTORE.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CSSLAUNCHER.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CSSLAUNCHER.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DM.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DM.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DPINST64.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DPINST64.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DW20.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DW20.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DWTRIG20.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DWTRIG20.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ENUMCD.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ENUMCD.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLICKLEARNINGWIZARD.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FLICKLEARNINGWIZARD.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IA.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IA.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICONVRTR.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICONVRTR.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFRMEWRK.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFRMEWRK.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMFRMWRK.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMFRMWRK.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INKWATSON.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INKWATSON.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INPUTPERSONALIZATION.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INPUTPERSONALIZATION.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALLER64.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INSTALLER64.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IPRODIFX.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IPRODIFX.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ITFRMWRK.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ITFRMWRK.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IWRAP.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IWRAP.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LPU.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LPU.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAPDRV.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MAPDRV.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MIP.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MIP.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MODNAME.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MODNAME.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSINFO32.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSINFO32.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSOXMLED.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PANUI.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PANUI.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHAPECOLLECTOR.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHAPECOLLECTOR.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\STARTSUSERVICE.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\STARTSUSERVICE.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TABTIP.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TABTIP.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPISYSIDSU.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPISYSIDSU.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVSU.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVSU.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVSUCOMMANDLAUNCHER.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVSUCOMMANDLAUNCHER.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVSUKERNEL.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVSUKERNEL.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVSUREGISTRATION.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVSUREGISTRATION.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVTBIOSCHECK.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TVTBIOSCHECK.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UACSDK.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UACSDK.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNCSERVER.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNCSERVER.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNCSETTING.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UNCSETTING.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINBIOS.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WINBIOS.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLIDSVC.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLIDSVC.EXE#debugger
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLIDSVCM.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WLIDSVCM.EXE#debugger

Trojan.Agent/Gen-Agent
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE
C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE
(x86) HKLM\System\CurrentControlSet\Services\AVAST! ANTIVIRUS
(x86) HKLM\System\CurrentControlSet\Enum\Root\LEGACY_AVAST! ANTIVIRUS

Adware.Tracking Cookie
.imedia.cz [ C:\USERS\RYCHETSKý\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P706QTFS.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\RYCHETSKý\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P706QTFS.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\RYCHETSKý\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P706QTFS.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\RYCHETSKý\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P706QTFS.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\RYCHETSKý\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P706QTFS.DEFAULT\COOKIES.SQLITE ]
.imedia.cz [ C:\USERS\RYCHETSKý\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P706QTFS.DEFAULT\COOKIES.SQLITE ]

#4 Příspěvek od **Márty84** » 23 pro 2012 18:49

Zkontrolujte tento soubor C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE na virustotal, pripadne jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Search a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

tomasr · #5 Příspěvek od **tomasr** » 23 pro 2012 19:02

virustotal:
https://www.virustotal.com/file/d3f5ba7 ... /analysis/

adwCleaner:
# AdwCleaner v2.101 - Logfile created 12/23/2012 at 18:59:38
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Rychetský - RYCHETSKY-THINK
# Boot Mode : Normal
# Running from : C:\Users\Rychetský\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\searchplugins\Search_Results.xml
Folder Found : C:\Program Files\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\Users\Rychetský\AppData\Local\APN
Folder Found : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Found : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Folder Found : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Folder Found : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Found : C:\Users\Rychetský\AppData\Local\Ilivid
Folder Found : C:\Users\Rychetský\AppData\LocalLow\SweetIM
Folder Found : C:\Users\Rychetský\AppData\Roaming\Media Finder
Folder Found : C:\Users\Rychetský\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registry] *****

Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Funmoods
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=irtest1&chnl=irtest1&cd=2XzutAtN2Y1L1Qzu0FtD0D0E0FtC0A0CtCyCzz0D0C0F0BtCtN0D0TzutBtDtCtBtDyCtBtD&cr=1560511177

-\\ Mozilla Firefox v17.0.1 (cs)

Profile name : default
File : C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v12.0.742.112

File : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11068 octets] - [23/12/2012 18:59:17]
AdwCleaner[R2].txt - [11050 octets] - [23/12/2012 18:59:38]

########## EOF - C:\AdwCleaner[R2].txt - [11111 octets] ##########

#6 Příspěvek od **Márty84** » 23 pro 2012 19:12

Ty soubory Avastu budou OK, cili falesny polach SAS. Je zajimave, ze na Virustotalu to SAS taky nedetekuje

Znovu ukoncete vsechny programy a spustte AdwCleaner jako spravce.
Tentokrat kliknete na Delete
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner [S1].txt ). Ten mi sem zase zkopirujte.

tomasr · #7 Příspěvek od **tomasr** » 23 pro 2012 19:46

To je fakt divné. Uživatelé tam ten soubor ale označujou jako malware.
Má smysl instalovat ten anti PUP malware?

# AdwCleaner v2.101 - Logfile created 12/23/2012 at 19:23:00
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Rychetský - RYCHETSKY-THINK
# Boot Mode : Normal
# Running from : C:\Users\Rychetský\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\Rychetský\AppData\Local\APN
Folder Deleted : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Deleted : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Folder Deleted : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Folder Deleted : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Rychetský\AppData\Local\Ilivid
Folder Deleted : C:\Users\Rychetský\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Rychetský\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Rychetský\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=irtest1&chnl=irtest1&cd=2XzutAtN2Y1L1Qzu0FtD0D0E0FtC0A0CtCyCzz0D0C0F0BtCtN0D0TzutBtDtCtBtDyCtBtD&cr=1560511177 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (cs)

Profile name : default
File : C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v12.0.742.112

File : C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11068 octets] - [23/12/2012 18:59:17]
AdwCleaner[R2].txt - [11129 octets] - [23/12/2012 18:59:38]
AdwCleaner[S1].txt - [10757 octets] - [23/12/2012 19:23:00]

########## EOF - C:\AdwCleaner[S1].txt - [10818 octets] ##########

#8 Příspěvek od **Márty84** » 23 pro 2012 19:50

Ja bych to neinstaloval, ani nevim co to je

Dejte sem log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

tomasr · #9 Příspěvek od **tomasr** » 23 pro 2012 21:33

No je to v tipech toho adwCleaneru ... nejaka utilita, ktera hlida instalaci pup adwaru, což jsou podle mne takovy ty listicky, ktery se cpou pri instalacich ruznych freewsre her, a tak. Bohužel na tomhle pc se instaluje vše aniž by se četlo o co vlastně jde (BFU), tak přemýšlim, jak tohle martyrium pro priste neabsolvovat:)

Logfile of random's system information tool 1.09 (written by random/random)
Run by Rychetský at 2012-12-23 21:32:49
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 184 GB (79%) free of 233 GB
Total RAM: 4007 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:32:54, on 23.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\trend micro\Rychetský.exe
C:\Users\Rychetský\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Rychetský.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Rychetský\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CE-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13429 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\PC SpeedUp Service Deactivator.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"VIP1X@verisign.com"=C:\Program Files (x86)\Symantec\VIP Access Client\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\searchplugins\
myplaycity.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-03 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-19 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2011-06-10 767288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-02-13 2105968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-19 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-12 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Rychetský\AppData\Roaming\Seznam.cz\szninstall.exe [2012-09-13 1009288]
"cz.seznam.software.szndesktop"=C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2012-11-12 91704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\7za.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\convertinkstore.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csslauncher.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dm.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpinst64.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwtrig20.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enumcd.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flicklearningwizard.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ia.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iconvrtr.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifrmewrk.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\imfrmwrk.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inkwatson.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inputpersonalization.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\installer64.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iprodifx.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itfrmwrk.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iwrap.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lpu.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapdrv.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mip.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\modname.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panui.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shapecollector.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\startsuservice.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tabtip.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tpisysidsu.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsu.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsucommandlauncher.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsukernel.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsuregistration.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtbioscheck.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uacsdk.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uncserver.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uncsetting.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winbios.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wlidsvc.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wlidsvcm.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.dvacm"=C:\PROGRA~2\COMMON~1\ULEADS~1\vio\dvacm.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-12-23 21:32:49 ----D---- C:\Program Files (x86)\trend micro
2012-12-23 20:22:52 ----D---- C:\rsit
2012-12-23 19:23:00 ----A---- C:\AdwCleaner[S1].txt
2012-12-23 18:59:38 ----A---- C:\AdwCleaner[R2].txt
2012-12-23 18:59:17 ----A---- C:\AdwCleaner[R1].txt
2012-12-23 17:17:10 ----D---- C:\Users\Rychetský\AppData\Roaming\Malwarebytes
2012-12-23 17:16:59 ----D---- C:\ProgramData\Malwarebytes
2012-12-23 17:16:58 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-23 15:32:46 ----D---- C:\Windows\temp
2012-12-23 15:32:33 ----A---- C:\ComboFix.txt
2012-12-23 15:19:39 ----D---- C:\$RECYCLE.BIN
2012-12-21 22:14:44 ----R---- C:\ComboFix.exe
2012-12-21 19:02:06 ----A---- C:\Windows\zip.exe
2012-12-21 19:02:06 ----A---- C:\Windows\SWSC.exe
2012-12-21 19:02:06 ----A---- C:\Windows\SWREG.exe
2012-12-21 19:02:06 ----A---- C:\Windows\sed.exe
2012-12-21 19:02:06 ----A---- C:\Windows\PEV.exe
2012-12-21 19:02:06 ----A---- C:\Windows\NIRCMD.exe
2012-12-21 19:02:06 ----A---- C:\Windows\MBR.exe
2012-12-21 19:02:06 ----A---- C:\Windows\grep.exe
2012-12-21 19:02:01 ----AD---- C:\Qoobox
2012-12-21 19:01:48 ----D---- C:\Windows\erdnt
2012-12-21 17:18:21 ----D---- C:\Users\Rychetský\AppData\Roaming\SUPERAntiSpyware.com
2012-12-21 17:17:07 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-12-17 09:21:16 ----A---- C:\debug.txt
2012-12-14 06:21:06 ----D---- C:\Program Files (x86)\MyPlayCity.com
2012-12-13 08:35:17 ----D---- C:\Program Files (x86)\Phenomedia AG
2012-12-13 08:34:26 ----D---- C:\Windows\_ISTMP1.DIR
2012-12-13 08:34:24 ----D---- C:\ProgramData\Browser Manager
2012-12-13 06:28:48 ----D---- C:\Program Files (x86)\phenomedia
2012-12-12 21:46:36 ----A---- C:\Windows\SysWOW64\vbscript.dll
2012-12-12 21:46:36 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 21:46:35 ----A---- C:\Windows\SysWOW64\url.dll
2012-12-12 21:46:35 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 21:46:35 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-12-12 21:46:34 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-12-12 21:46:33 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 21:46:32 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-12-12 21:46:32 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-12-12 21:46:32 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-12-12 21:46:31 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 21:46:31 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-12-12 21:46:29 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-12-12 21:46:27 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-12-12 05:51:52 ----A---- C:\Windows\SysWOW64\tzres.dll
2012-12-12 05:51:42 ----A---- C:\Windows\SysWOW64\atmlib.dll
2012-12-12 05:51:42 ----A---- C:\Windows\SysWOW64\atmfd.dll
2012-12-12 05:51:33 ----A---- C:\Windows\SysWOW64\kernel32.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 05:51:32 ----A---- C:\Windows\SysWOW64\wow32.dll
2012-12-12 05:51:32 ----A---- C:\Windows\SysWOW64\setup16.exe
2012-12-12 05:51:32 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2012-12-12 05:51:32 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2012-12-12 05:51:32 ----A---- C:\Windows\SysWOW64\instnm.exe
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 05:51:31 ----A---- C:\Windows\SysWOW64\user.exe
2012-12-12 05:51:23 ----A---- C:\Windows\SysWOW64\dpnet.dll
2012-12-10 17:48:14 ----D---- C:\Users\Rychetský\AppData\Roaming\Autodesk
2012-12-10 11:03:42 ----D---- C:\ProgramData\Mozilla
2012-12-10 11:03:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-08 11:04:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-12-05 15:43:31 ----D---- C:\Program Files (x86)\hpmonitor
2012-12-05 07:43:49 ----D---- C:\Users\Rychetský\AppData\Roaming\RegistryKeys
2012-12-04 10:44:29 ----D---- C:\Program Files (x86)\Seznam.cz
2012-12-04 10:44:18 ----D---- C:\Users\Rychetský\AppData\Roaming\Seznam.cz
2012-12-04 10:44:06 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2012-11-28 15:53:21 ----D---- C:\Program Files (x86)\Arkanoid 3
2012-11-28 15:43:29 ----D---- C:\Users\Rychetský\AppData\Roaming\DeepVoyage
2012-11-28 15:26:19 ----D---- C:\ProgramData\rionix

======List of files/folders modified in the last 1 month======

2012-12-23 21:32:54 ----D---- C:\Windows\Prefetch
2012-12-23 21:32:49 ----RD---- C:\Program Files (x86)
2012-12-23 20:22:52 ----RD---- C:\Program Files
2012-12-23 19:30:05 ----D---- C:\Windows\System32
2012-12-23 19:30:05 ----D---- C:\Windows\inf
2012-12-23 19:27:40 ----A---- C:\Windows\SysWOW64\log.txt
2012-12-23 19:25:48 ----D---- C:\Windows
2012-12-23 19:23:02 ----SHD---- C:\Windows\Installer
2012-12-23 19:23:02 ----D---- C:\ProgramData
2012-12-23 15:19:53 ----A---- C:\Windows\system.ini
2012-12-23 15:00:21 ----D---- C:\Windows\SysWOW64\drivers
2012-12-23 15:00:21 ----D---- C:\Windows\SysWOW64
2012-12-23 15:00:21 ----D---- C:\Windows\AppPatch
2012-12-23 15:00:20 ----D---- C:\Program Files (x86)\Common Files
2012-12-23 10:13:44 ----D---- C:\Windows\winsxs
2012-12-23 10:02:51 ----D---- C:\Windows\Tasks
2012-12-22 03:00:27 ----SHD---- C:\System Volume Information
2012-12-21 21:48:18 ----D---- C:\ProgramData\PCDr
2012-12-21 17:53:06 ----D---- C:\SWTOOLS
2012-12-21 17:37:45 ----SD---- C:\ProgramData\Microsoft
2012-12-21 17:37:45 ----D---- C:\Program Files (x86)\Microsoft
2012-12-21 17:32:01 ----HDC---- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-12-21 16:50:07 ----D---- C:\Users\Rychetský\AppData\Roaming\Skype
2012-12-14 16:16:36 ----SD---- C:\Users\Rychetský\AppData\Roaming\Microsoft
2012-12-14 16:16:25 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-13 07:01:57 ----D---- C:\Windows\rescache
2012-12-13 06:33:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-12-13 06:27:54 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2012-12-13 05:37:58 ----D---- C:\Windows\SysWOW64\cs-CZ
2012-12-13 05:37:55 ----D---- C:\Windows\SysWOW64\migration
2012-12-13 05:37:55 ----D---- C:\Program Files (x86)\Internet Explorer
2012-12-12 21:46:23 ----D---- C:\ProgramData\Microsoft Help
2012-12-11 09:39:48 ----D---- C:\Windows\twain_32
2012-12-11 09:37:08 ----D---- C:\Program Files (x86)\Microsoft Office
2012-12-11 09:37:03 ----RSD---- C:\Windows\Fonts
2012-12-11 09:37:03 ----D---- C:\Windows\Help
2012-12-11 09:26:12 ----D---- C:\ProgramData\McAfee
2012-12-10 11:03:49 ----D---- C:\Users\Rychetský\AppData\Roaming\Mozilla
2012-12-09 13:25:23 ----D---- C:\Program Files (x86)\Superhry.cz
2012-12-06 11:41:20 ----D---- C:\Windows\AppCompat
2012-12-06 11:41:20 ----D---- C:\ProgramData\Lenovo
2012-12-06 11:41:18 ----D---- C:\Windows\registration
2012-11-28 15:58:31 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys []
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys []
R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys []
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys []
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys []
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys []
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys []
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys []
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys []
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys []
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys []
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-04-28 968480]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe []
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe []
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 PCSUService;PC Speed Up Service; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-11-07 312176]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe [2011-01-07 446592]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-01-10 61440]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R2 VIPAppService;VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-02-13 84080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-07-28 844560]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2011-07-26 28672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-07-28 1517328]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-31 194032]
S3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-29 115168]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#10 Příspěvek od **Márty84** » 23 pro 2012 21:41

Tu utilitku nemam vyzkousenou, takze ji nemuzu s cistym svedomim doporucit

Je tam 64bit system, takze potrebuju log z tohoto RSIT http://images.malwareremoval.com/random/RSITx64.exe

tomasr · #11 Příspěvek od **tomasr** » 23 pro 2012 21:53

Ten se zasek dycky, tak jsem dal tu 32ku, ale teď se mi to podařilo.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Rychetský at 2012-12-23 21:52:19
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 184 GB (79%) free of 233 GB
Total RAM: 4007 MB (57% free)

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-33921ef4-ff71-4e7a-bef0-0ba625b954fd -SystemEventPortName:HostProcess-fae7d24a-abac-4612-bd6f-cfc7c235820c -IoCancelEventPortName:HostProcess-76d334dd-d5d8-46ee-aed9-0767491c0ba8 -NonStateChangingEventPortName:HostProcess-fc3c9151-6e25-4834-881d-40056a1a0e10 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3d830fcf-75b9-416a-bd3e-2508b7d78fb1
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 23918736
\??\C:\Windows\system32\conhost.exe "-4522346691097944267-15452999985518975-654542837-1374102893-16707356751136649964
C:\Windows\System32\spoolsv.exe
taskeng.exe {607C467D-B305-4870-B722-88111C322377}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe"
"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe"
"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"
"C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe"
"C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2108
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Windows\System32\TpShocks.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"
"C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
atieclxx
taskhost.exe USER
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\rundll32.exe "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.MediaKey
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE /UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
szndesktop.exe default start
"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
"C:\Program Files\Lenovo\Client Security Solution\password_manager.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
taskeng.exe {E18083A3-E126-4334-B040-0EDD5187D079}
"C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" /start
"C:\Program Files\trend micro\Rychetský.exe" /silentautolog
"C:\Windows\system32\taskmgr.exe" /4
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Users\Rychetský\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\PC SpeedUp Service Deactivator.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\searchplugins\
myplaycity.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-09-19 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-02-13 2440304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-03 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-19 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
IePasswordManagerHelper Class - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2011-06-10 767288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}]
Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-02-13 2105968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-09-19 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-19 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-19 2789160]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-07-28 1935120]
"TpShocks"=C:\Windows\system32\TpShocks.exe [2011-03-30 380776]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2011-04-26 310912]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-09 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-09 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-09 416024]
"LENOVO.TPKNRRES"=C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [2011-05-31 40808]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2011-06-10 5990200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Rychetský\AppData\Roaming\Seznam.cz\szninstall.exe [2012-09-13 1009288]
"cz.seznam.software.szndesktop"=C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2012-11-12 91704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALCKRESI.EXE]
C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [2011-05-25 281960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTT]
C:\Program Files\PC-Doctor\EnableToolbarW32.exe [2011-06-27 23120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSpeedUp]
C:\Program Files (x86)\Zrychleni Pocitace\PCSUNotifier.exe [2012-11-07 255856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-11-01 5629312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-11-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2011-04-28 1218336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-12 336384]
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2012-09-13 1009288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-08-08 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2010-12-08 135504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\7za.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\convertinkstore.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csslauncher.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dm.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpinst64.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dw20.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dwtrig20.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enumcd.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flicklearningwizard.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ia.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iconvrtr.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifrmewrk.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\imfrmwrk.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inkwatson.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inputpersonalization.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\installer64.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iprodifx.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itfrmwrk.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iwrap.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lpu.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapdrv.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mip.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\modname.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msinfo32.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panui.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shapecollector.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\startsuservice.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tabtip.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tpisysidsu.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsu.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsucommandlauncher.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsukernel.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvsuregistration.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtbioscheck.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uacsdk.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uncserver.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uncsetting.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winbios.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wlidsvc.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wlidsvcm.exe]
"Debugger=""C:\Program Files (x86)\Zrychleni Pocitace\PCSUSD.exe" /debugexe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-12-23 21:32:49 ----D---- C:\Program Files (x86)\trend micro
2012-12-23 20:22:52 ----D---- C:\rsit
2012-12-23 20:22:52 ----D---- C:\Program Files\trend micro
2012-12-23 19:23:00 ----A---- C:\AdwCleaner[S1].txt
2012-12-23 18:59:38 ----A---- C:\AdwCleaner[R2].txt
2012-12-23 18:59:17 ----A---- C:\AdwCleaner[R1].txt
2012-12-23 17:17:10 ----D---- C:\Users\Rychetský\AppData\Roaming\Malwarebytes
2012-12-23 17:16:59 ----D---- C:\ProgramData\Malwarebytes
2012-12-23 17:16:58 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-23 17:16:58 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-12-23 15:32:46 ----D---- C:\Windows\temp
2012-12-23 15:32:33 ----A---- C:\ComboFix.txt
2012-12-23 15:19:39 ----D---- C:\$RECYCLE.BIN
2012-12-21 22:14:44 ----R---- C:\ComboFix.exe
2012-12-21 19:02:06 ----A---- C:\Windows\zip.exe
2012-12-21 19:02:06 ----A---- C:\Windows\SWSC.exe
2012-12-21 19:02:06 ----A---- C:\Windows\SWREG.exe
2012-12-21 19:02:06 ----A---- C:\Windows\sed.exe
2012-12-21 19:02:06 ----A---- C:\Windows\PEV.exe
2012-12-21 19:02:06 ----A---- C:\Windows\NIRCMD.exe
2012-12-21 19:02:06 ----A---- C:\Windows\MBR.exe
2012-12-21 19:02:06 ----A---- C:\Windows\grep.exe
2012-12-21 19:02:01 ----AD---- C:\Qoobox
2012-12-21 19:01:48 ----D---- C:\Windows\erdnt
2012-12-21 17:18:21 ----D---- C:\Users\Rychetský\AppData\Roaming\SUPERAntiSpyware.com
2012-12-21 17:17:07 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-12-21 17:17:07 ----D---- C:\Program Files\SUPERAntiSpyware
2012-12-17 09:21:16 ----A---- C:\debug.txt
2012-12-14 06:21:06 ----D---- C:\Program Files (x86)\MyPlayCity.com
2012-12-13 08:35:17 ----D---- C:\Program Files (x86)\Phenomedia AG
2012-12-13 08:34:26 ----D---- C:\Windows\_ISTMP1.DIR
2012-12-13 08:34:24 ----D---- C:\ProgramData\Browser Manager
2012-12-13 06:28:48 ----D---- C:\Program Files (x86)\phenomedia
2012-12-12 21:46:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-12-12 21:46:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-12-12 21:46:36 ----A---- C:\Windows\system32\mshtmled.dll
2012-12-12 21:46:35 ----A---- C:\Windows\SYSWOW64\url.dll
2012-12-12 21:46:35 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-12-12 21:46:35 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-12-12 21:46:35 ----A---- C:\Windows\system32\url.dll
2012-12-12 21:46:35 ----A---- C:\Windows\system32\ieUnatt.exe
2012-12-12 21:46:35 ----A---- C:\Windows\system32\ieui.dll
2012-12-12 21:46:34 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-12-12 21:46:34 ----A---- C:\Windows\system32\urlmon.dll
2012-12-12 21:46:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-12-12 21:46:33 ----A---- C:\Windows\system32\msfeeds.dll
2012-12-12 21:46:33 ----A---- C:\Windows\system32\jscript9.dll
2012-12-12 21:46:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-12-12 21:46:32 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-12-12 21:46:32 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-12-12 21:46:32 ----A---- C:\Windows\system32\wininet.dll
2012-12-12 21:46:32 ----A---- C:\Windows\system32\jsproxy.dll
2012-12-12 21:46:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-12-12 21:46:31 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-12-12 21:46:31 ----A---- C:\Windows\system32\vbscript.dll
2012-12-12 21:46:31 ----A---- C:\Windows\system32\jscript.dll
2012-12-12 21:46:31 ----A---- C:\Windows\system32\iertutil.dll
2012-12-12 21:46:29 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-12-12 21:46:28 ----A---- C:\Windows\system32\mshtml.dll
2012-12-12 21:46:27 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-12-12 21:46:27 ----A---- C:\Windows\system32\ieframe.dll
2012-12-12 05:51:52 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-12-12 05:51:52 ----A---- C:\Windows\system32\tzres.dll
2012-12-12 05:51:43 ----A---- C:\Windows\system32\win32k.sys
2012-12-12 05:51:42 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-12-12 05:51:42 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-12-12 05:51:42 ----A---- C:\Windows\system32\atmlib.dll
2012-12-12 05:51:42 ----A---- C:\Windows\system32\atmfd.dll
2012-12-12 05:51:33 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-12-12 05:51:33 ----A---- C:\Windows\system32\winsrv.dll
2012-12-12 05:51:33 ----A---- C:\Windows\system32\KernelBase.dll
2012-12-12 05:51:33 ----A---- C:\Windows\system32\kernel32.dll
2012-12-12 05:51:33 ----A---- C:\Windows\system32\conhost.exe
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 05:51:32 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-12-12 05:51:32 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-12-12 05:51:32 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-12-12 05:51:32 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-12-12 05:51:32 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-12-12 05:51:32 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-12-12 05:51:32 ----A---- C:\Windows\system32\wow64win.dll
2012-12-12 05:51:32 ----A---- C:\Windows\system32\wow64cpu.dll
2012-12-12 05:51:32 ----A---- C:\Windows\system32\wow64.dll
2012-12-12 05:51:32 ----A---- C:\Windows\system32\ntvdm64.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-12 05:51:31 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-12-12 05:51:31 ----A---- C:\Windows\SYSWOW64\user.exe
2012-12-12 05:51:23 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2012-12-12 05:51:23 ----A---- C:\Windows\system32\dpnet.dll
2012-12-10 17:48:14 ----D---- C:\Users\Rychetský\AppData\Roaming\Autodesk
2012-12-10 11:03:42 ----D---- C:\ProgramData\Mozilla
2012-12-10 11:03:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-08 11:04:18 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-12-05 15:43:31 ----D---- C:\Program Files (x86)\hpmonitor
2012-12-05 07:43:49 ----D---- C:\Users\Rychetský\AppData\Roaming\RegistryKeys
2012-12-04 10:44:29 ----D---- C:\Program Files (x86)\Seznam.cz
2012-12-04 10:44:18 ----D---- C:\Users\Rychetský\AppData\Roaming\Seznam.cz
2012-12-04 10:44:06 ----D---- C:\Program Files (x86)\Zrychleni Pocitace
2012-11-28 15:53:21 ----D---- C:\Program Files (x86)\Arkanoid 3
2012-11-28 15:43:29 ----D---- C:\Users\Rychetský\AppData\Roaming\DeepVoyage
2012-11-28 15:26:19 ----D---- C:\ProgramData\rionix

======List of files/folders modified in the last 1 month======

2012-12-23 21:33:06 ----D---- C:\Windows\Prefetch
2012-12-23 21:32:49 ----RD---- C:\Program Files (x86)
2012-12-23 20:22:52 ----RD---- C:\Program Files
2012-12-23 19:38:57 ----D---- C:\Windows\system32\config
2012-12-23 19:30:05 ----D---- C:\Windows\System32
2012-12-23 19:30:05 ----D---- C:\Windows\inf
2012-12-23 19:30:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-23 19:27:40 ----A---- C:\Windows\SYSWOW64\log.txt
2012-12-23 19:25:48 ----D---- C:\Windows
2012-12-23 19:23:02 ----SHD---- C:\Windows\Installer
2012-12-23 19:23:02 ----D---- C:\ProgramData
2012-12-23 17:16:58 ----D---- C:\Windows\system32\drivers
2012-12-23 15:19:53 ----A---- C:\Windows\system.ini
2012-12-23 15:19:36 ----D---- C:\Windows\system32\drivers\etc
2012-12-23 15:00:21 ----D---- C:\Windows\SYSWOW64\drivers
2012-12-23 15:00:21 ----D---- C:\Windows\SysWOW64
2012-12-23 15:00:21 ----D---- C:\Windows\AppPatch
2012-12-23 15:00:20 ----D---- C:\Program Files (x86)\Common Files
2012-12-23 10:13:44 ----D---- C:\Windows\winsxs
2012-12-23 10:02:51 ----D---- C:\Windows\Tasks
2012-12-22 03:00:37 ----D---- C:\Windows\system32\catroot2
2012-12-22 03:00:37 ----D---- C:\Windows\system32\catroot
2012-12-22 03:00:27 ----SHD---- C:\System Volume Information
2012-12-21 21:48:18 ----D---- C:\ProgramData\PCDr
2012-12-21 17:53:06 ----D---- C:\SWTOOLS
2012-12-21 17:37:45 ----SD---- C:\ProgramData\Microsoft
2012-12-21 17:37:45 ----D---- C:\Program Files (x86)\Microsoft
2012-12-21 17:32:01 ----HDC---- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-12-21 17:31:59 ----D---- C:\Windows\system32\Tasks
2012-12-21 16:50:07 ----D---- C:\Users\Rychetský\AppData\Roaming\Skype
2012-12-14 16:16:36 ----SD---- C:\Users\Rychetský\AppData\Roaming\Microsoft
2012-12-14 16:16:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-12-13 07:01:57 ----D---- C:\Windows\rescache
2012-12-13 06:33:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-12-13 05:37:58 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-12-13 05:37:58 ----D---- C:\Windows\system32\cs-CZ
2012-12-13 05:37:55 ----D---- C:\Windows\SYSWOW64\migration
2012-12-13 05:37:55 ----D---- C:\Windows\system32\migration
2012-12-13 05:37:55 ----D---- C:\Program Files\Internet Explorer
2012-12-13 05:37:55 ----D---- C:\Program Files (x86)\Internet Explorer
2012-12-12 21:47:49 ----A---- C:\Windows\system32\MRT.exe
2012-12-12 21:46:23 ----D---- C:\ProgramData\Microsoft Help
2012-12-11 09:39:48 ----D---- C:\Windows\twain_32
2012-12-11 09:37:08 ----D---- C:\Program Files (x86)\Microsoft Office
2012-12-11 09:37:03 ----RSD---- C:\Windows\Fonts
2012-12-11 09:37:03 ----D---- C:\Windows\Help
2012-12-11 09:26:12 ----D---- C:\ProgramData\McAfee
2012-12-10 11:03:49 ----D---- C:\Users\Rychetský\AppData\Roaming\Mozilla
2012-12-10 06:32:11 ----D---- C:\Windows\system32\NDF
2012-12-09 13:25:23 ----D---- C:\Program Files (x86)\Superhry.cz
2012-12-06 11:41:56 ----D---- C:\Windows\system32\wfp
2012-12-06 11:41:55 ----D---- C:\Windows\system32\wbem
2012-12-06 11:41:21 ----D---- C:\Windows\system32\DriverStore
2012-12-06 11:41:20 ----D---- C:\Windows\AppCompat
2012-12-06 11:41:20 ----D---- C:\ProgramData\Lenovo
2012-12-06 11:41:18 ----D---- C:\Windows\registration
2012-12-05 07:49:56 ----D---- C:\Windows\system32\CodeIntegrity
2012-11-28 15:58:31 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx64.sys [2011-03-30 139888]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-10-30 21136]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 54072]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 984144]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 370288]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 59728]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
R1 PHCORE;PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [2011-08-31 14960]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 risdxc;risdxc; C:\Windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R3 5U877;USB Video Device; C:\Windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-05-11 9319424]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-05-11 304128]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-03-24 1576064]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2011-08-11 39024]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-06-22 25496]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2011-11-23 40248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-19 1442352]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-11-23 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-11-23 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-04-27 436776]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-04-27 150568]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2011-04-27 164392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-04-27 39976]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-04-27 21544]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-06-22 34200]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-05-11 203264]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-04-28 968480]
R2 CxAudMsg;@C:\Windows\system32\CxAudMsg64.exe,-100; C:\Windows\system32\CxAudMsg64.exe [2010-12-16 198784]
R2 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2011-08-11 45928]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-22 326168]
R2 PCSUService;PC Speed Up Service; C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe [2012-11-07 312176]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 SAService;Conexant SmartAudio service; C:\Windows\system32\SAsrv.exe []
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-01-10 61440]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
R2 VIPAppService;VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-02-13 84080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
S2 HyperW7Svc;HyperW7 Service; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-07-28 844560]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 SUService;System Update; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [2011-07-26 28672]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-19 44376]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-07-28 1517328]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-31 194032]
S3 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-29 115168]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
S3 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG64.exe [2011-03-30 47728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-01 1255736]
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#12 Příspěvek od **Márty84** » 23 pro 2012 22:00

Odinstalujte Zrychleni Pocitace. Dokaze to nadelat vic skody nez uzitku.

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

tomasr · #13 Příspěvek od **tomasr** » 24 pro 2012 00:26

Žádnej report to nevytvoří. Hodí to hlášku a pak už to nepokračuje: Cannot create file c:\Users\Rychetský\Desktop\cmd.bat

#14 Příspěvek od **Márty84** » 24 pro 2012 00:29

Tuhle chybu OTL obcas udela

Spustte ho znovu, ale s timto upravenym skriptem.

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

tomasr · #15 Příspěvek od **tomasr** » 24 pro 2012 08:50

Už to šlo:).

OTL logfile created on: 24.12.2012 8:23:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rychetský\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,91 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 60,25% Memory free
7,82 Gb Paging File | 6,02 Gb Available in Paging File | 76,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 227,84 Gb Total Space | 179,00 Gb Free Space | 78,56% Space Free | Partition Type: NTFS
Drive E: | 224,74 Gb Total Space | 218,28 Gb Free Space | 97,13% Space Free | Partition Type: NTFS
Drive Q: | 11,72 Gb Total Space | 0,85 Gb Free Space | 7,28% Space Free | Partition Type: NTFS

Computer Name: RYCHETSKY-THINK | User Name: Rychetský | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.23 22:09:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rychetský\Desktop\OTL.exe
PRC - [2012.11.12 11:05:50 | 000,455,736 | ---- | M] () -- C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.13 01:25:20 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011.08.31 19:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.08.11 11:04:16 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.26 08:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011.07.12 08:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.06.10 14:28:14 | 000,824,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
PRC - [2011.05.31 19:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.05.31 19:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.05.31 19:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.02.24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.22 04:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 04:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.07 04:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010.03.11 23:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.05.28 07:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.12 11:05:50 | 000,455,736 | ---- | M] () -- C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
MOD - [2012.11.12 11:04:36 | 000,890,936 | ---- | M] () -- C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
MOD - [2012.09.13 14:45:58 | 000,058,424 | ---- | M] () -- C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\libfoxloader.dll
MOD - [2009.05.28 07:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012.07.11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011.08.11 03:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.07.28 06:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.07.28 05:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.07.28 05:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.07.12 08:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011.07.12 08:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011.07.12 08:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011.07.12 08:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011.07.09 02:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2011.05.31 19:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011.05.31 19:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011.05.11 14:53:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.04.28 08:41:18 | 000,968,480 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011.03.30 04:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.12.16 23:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.14 16:16:25 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.13 01:25:20 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011.08.31 19:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.08.31 19:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.07.26 08:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.02.24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011.02.22 04:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 04:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.07 04:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 23:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 12:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.23 16:28:11 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.11.23 15:52:37 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.11.23 15:52:37 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.08.31 19:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.08.11 03:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.08.09 00:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.08.04 02:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011.07.09 02:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2011.06.27 16:06:54 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020200}_0)
DRV:64bit: - [2011.06.22 00:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.22 00:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.26 02:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2011.05.19 13:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.11 18:16:38 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.11 14:16:54 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.27 16:50:38 | 000,436,776 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.04.27 16:50:32 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.04.27 16:50:32 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.04.27 16:50:32 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.04.27 16:50:32 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.03.30 04:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.03.30 04:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.03.24 07:36:20 | 001,576,064 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.05 03:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.12.28 19:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 15:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 08:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.07 06:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 22:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5B8C614A-1C81-C508-7CB4-51FFA468AC18}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f ... 1560511177

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.myplaycity.com/
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{2FC0EAC9-9E95-4F7F-9014-DBFA0CC3D401}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_14875
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{31C03895-73EC-48C9-AD93-24ED955A9956}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_14875
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{4ABA807A-A619-42B9-8337-ADE4CB5B7FA6}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_14875
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{5B8C614A-1C81-C508-7CB4-51FFA468AC18}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=i ... CZ464CZ465
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{86BE892F-78E6-4F60-9DD7-FCD6D09B6586}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_14875
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{9A33C4AC-D6D5-4064-BF9A-9F7D3E2B122C}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_14875
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{DF172A12-5B28-4F97-B848-0779B4351C5D}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_14875
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\SearchScopes\{EBAD98B6-BAA9-471A-A6F6-ED51DF7984EC}: "URL" = http://www.firmy.cz/phr/{searchTerms}?s ... arch_14875
IE - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.cz"
FF - prefs.js..extensions.enabledAddons: %7Bea614400-e918-4741-9a97-7a972ff7c30b%7D:2.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.04 15:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012.12.06 11:41:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.10 11:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F74D5734-46F5-4B16-96F0-1E7FBF41B750}: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\2.0b12 [2011.12.31 21:28:02 | 000,000,000 | ---D | M]

[2012.12.13 08:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rychetský\AppData\Roaming\Mozilla\Extensions
[2012.12.13 08:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions
[2012.12.10 11:05:37 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2012.10.25 07:34:54 | 000,001,999 | ---- | M] () -- C:\Users\Rychetský\AppData\Roaming\Mozilla\Firefox\Profiles\p706qtfs.default\searchplugins\myplaycity.xml
[2012.12.13 08:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.10 11:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012.12.10 11:03:40 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) -- C:\USERS\RYCHETSKĂ˝\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P706QTFS.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 12:32:34 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2012.11.29 12:32:34 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.11.29 12:32:34 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2012.11.29 12:32:34 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.11.29 12:32:35 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - Extension: No name found = C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: No name found = C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: No name found = C:\Users\Rychetský\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2012.12.23 15:19:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001..\Run: [cz.seznam.software.autoupdate] C:\Users\Rychetský\AppData\Roaming\Seznam.cz\szninstall.exe ()
O4 - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001..\Run: [cz.seznam.software.szndesktop] C:\Users\Rychetský\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4038708335-2182828578-3519129814-1001\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CE-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72AA96F8-1FE1-41F5-A331-19BB2B421F07}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.12.23 22:11:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rychetský\Desktop\OTL.exe
[2012.12.23 21:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012.12.23 20:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.12.23 20:22:52 | 000,000,000 | ---D | C] -- C:\rsit
[2012.12.23 17:17:10 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Roaming\Malwarebytes
[2012.12.23 17:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.23 17:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.23 17:16:58 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.23 17:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.23 15:32:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.23 15:19:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.12.22 03:00:32 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 03:00:32 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.22 03:00:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 03:00:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.21 22:14:44 | 005,012,898 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2012.12.21 19:02:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.21 19:02:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.21 19:02:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.21 19:02:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.21 19:01:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.21 17:18:21 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Roaming\SUPERAntiSpyware.com
[2012.12.21 17:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.12.21 17:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.12.21 17:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.12.20 14:36:21 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Local\{9C42CB0E-A6DE-46E3-A53E-A8816506EE26}
[2012.12.19 19:12:16 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Local\{0095E821-A6DF-4A40-823F-18AE80FE8B6E}
[2012.12.14 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Local\Macromedia
[2012.12.14 06:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
[2012.12.14 06:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPlayCity.com
[2012.12.13 10:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn 2
[2012.12.13 08:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phenomedia AG
[2012.12.13 08:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Winter-Edition
[2012.12.13 08:34:26 | 000,000,000 | ---D | C] -- C:\Windows\_ISTMP1.DIR
[2012.12.13 08:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.12.13 06:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phenomedia
[2012.12.13 06:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Remake
[2012.12.13 06:08:56 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Local\Torch
[2012.12.12 21:46:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 21:46:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 21:46:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 21:46:35 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 21:46:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 21:46:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 21:46:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 21:46:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 21:46:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 21:46:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 21:46:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 21:46:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 21:46:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 21:46:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 21:46:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.12 05:51:33 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.12 05:51:33 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.12 05:51:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.12 05:51:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.12 05:51:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.12 05:51:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.12 05:51:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.12 05:51:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.12 05:51:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.12 05:51:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.12 05:51:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.12 05:51:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 05:51:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 05:51:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 05:51:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.12 05:51:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 05:51:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 05:51:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 05:51:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 05:51:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 05:51:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 05:51:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 05:51:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 05:51:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 05:51:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 05:51:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 05:51:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 05:51:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 05:51:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 05:51:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 05:51:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 05:51:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.12 05:51:23 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.12 05:51:23 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.11 06:40:48 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\Documents\DocuForReview1
[2012.12.11 06:16:29 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\Documents\121116_CO2ProjectCoalBunkers
[2012.12.10 17:48:14 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Roaming\Autodesk
[2012.12.10 17:47:59 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Local\Autodesk
[2012.12.10 11:03:49 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Local\Mozilla
[2012.12.10 11:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.10 11:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.08 11:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.05 15:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012.12.05 15:43:24 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Local\{4B0B4645-1327-4907-91E0-AE6DD29DC5CE}
[2012.12.05 07:43:49 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Roaming\RegistryKeys
[2012.12.04 10:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seznam.cz
[2012.12.04 10:44:18 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Roaming\Seznam.cz
[2012.11.28 15:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arkanoid 3
[2012.11.28 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Rychetský\AppData\Roaming\DeepVoyage
[2012.11.28 15:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix

========== Files - Modified Within 30 Days ==========

[2012.12.24 08:25:09 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.12.24 08:17:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.24 07:55:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.24 04:30:47 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.24 04:30:47 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.24 03:21:23 | 001,577,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.24 03:21:23 | 000,666,656 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2012.12.24 03:21:23 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.24 03:21:23 | 000,140,320 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2012.12.24 03:21:23 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.24 03:17:21 | 000,337,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.24 03:16:39 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 22:09:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rychetský\Desktop\OTL.exe
[2012.12.23 18:55:45 | 000,547,175 | ---- | M] () -- C:\Users\Rychetský\Desktop\adwcleaner.exe
[2012.12.23 15:19:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.12.23 15:15:22 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.12.23 14:55:28 | 005,012,898 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2012.12.22 20:40:38 | 000,002,179 | ---- | M] () -- C:\Users\Rychetský\Desktop\Action Ball 2.lnk
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.14 16:16:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.14 16:16:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.13 05:38:49 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.12.06 11:43:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

========== Files Created - No Company Name ==========

[2012.12.23 22:16:28 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.12.23 18:55:40 | 000,547,175 | ---- | C] () -- C:\Users\Rychetský\Desktop\adwcleaner.exe
[2012.12.22 20:40:38 | 000,002,179 | ---- | C] () -- C:\Users\Rychetský\Desktop\Action Ball 2.lnk
[2012.12.21 19:02:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.21 19:02:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.21 19:02:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.21 19:02:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.21 19:02:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.10 11:03:42 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.13 14:39:12 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.23 16:19:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.23 16:16:31 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.11.23 16:15:24 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.11.23 16:15:23 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.11.23 16:15:22 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.11.23 16:15:22 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.23 16:15:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.11.23 16:15:22 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.23 16:06:25 | 001,556,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.23 15:38:52 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.05.12 08:57:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.10 17:48:14 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\Autodesk
[2012.11.28 15:46:34 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\DeepVoyage
[2012.06.29 09:25:00 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\Friday's games
[2012.06.27 09:23:06 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\FriendsGamesNetwork
[2011.12.31 18:08:55 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\Leadertech
[2011.12.31 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\Lenovo
[2011.12.31 18:16:41 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\PCDr
[2011.12.31 18:46:46 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\PwrMgr
[2012.12.05 07:43:49 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\RegistryKeys
[2012.12.24 08:23:17 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\Seznam.cz
[2011.12.31 18:14:36 | 000,000,000 | ---D | M] -- C:\Users\Rychetský\AppData\Roaming\Ulead Systems

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,556 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.31 18:05:31 | 000,000,466 | ---- | C] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011.12.31 18:05:31 | 000,000,528 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.24 08:41:47 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 04:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.11.23 15:48:32 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.11.23 15:48:32 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.11.23 15:48:32 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.11.23 15:48:32 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.11.23 15:48:32 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.11.23 15:48:32 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.11.23 15:48:32 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 04:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.09.29 18:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.21 04:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012.08.22 19:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012.03.30 11:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011.11.23 15:47:26 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011.11.23 15:52:04 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2012.03.30 12:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011.11.23 15:47:26 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011.11.23 15:52:04 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2012.08.22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\erdnt\cache64\tcpip.sys
[2012.08.22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.08.22 19:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011.09.29 17:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

pokracovani reportu v dalsim prispevku ...

VIRY.CZ

Pomalé internetové spojení - pokračování

Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování

Re: Pomalé internetové spojení - pokračování