Preventivni prohlidka

[Radek04]

Dobrý den, moc bych prosil o preventivku PC, predem dekuji

Logfile of random's system information tool 1.09 (written by random/random)
Run by Radek at 2013-03-19 12:28:28
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 11 GB (22%) free of 50 GB
Total RAM: 8190 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:29, on 19.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Radek\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Radek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3220468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10568 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
uTorrentControl_v2 Toolbar - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-07 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31 4528760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-07 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]
{7473b6bd-4691-4744-a82b-7854eb3d70b6} - uTorrentControl_v2 Toolbar - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2012-11-24 3093624]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.mjpg"=pvmjpg30.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-19 03:14:49 ----D---- C:\Program Files (x86)\Microsoft WSE
2013-03-15 02:10:24 ----A---- C:\Windows\SysWOW64\vbscript.dll
2013-03-15 02:10:24 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2013-03-15 02:10:24 ----A---- C:\Windows\SysWOW64\ieui.dll
2013-03-15 02:10:23 ----A---- C:\Windows\SysWOW64\url.dll
2013-03-15 02:10:23 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2013-03-15 02:10:22 ----A---- C:\Windows\SysWOW64\urlmon.dll
2013-03-15 02:10:21 ----A---- C:\Windows\SysWOW64\wininet.dll
2013-03-15 02:10:21 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2013-03-15 02:10:20 ----A---- C:\Windows\SysWOW64\jscript9.dll
2013-03-15 02:10:20 ----A---- C:\Windows\SysWOW64\jscript.dll
2013-03-15 02:10:19 ----A---- C:\Windows\SysWOW64\iertutil.dll
2013-03-15 02:10:18 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2013-03-15 02:10:17 ----A---- C:\Windows\SysWOW64\mshtml.dll
2013-03-15 02:10:14 ----A---- C:\Windows\SysWOW64\ieframe.dll
2013-03-09 22:19:10 ----D---- C:\Windows\pss
2013-03-09 14:15:06 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-03-07 13:39:40 ----A---- C:\Windows\SysWOW64\javaws.exe
2013-03-07 13:39:35 ----A---- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-03-07 13:39:35 ----A---- C:\Windows\SysWOW64\javaw.exe
2013-03-07 13:39:35 ----A---- C:\Windows\SysWOW64\java.exe
2013-03-07 13:39:30 ----D---- C:\Program Files (x86)\Java
2013-03-07 02:12:35 ----A---- C:\Windows\eReg.dat
2013-03-07 01:17:48 ----D---- C:\Users\Radek\AppData\Roaming\calibre
2013-03-07 01:07:08 ----D---- C:\Program Files (x86)\Calibre2
2013-03-05 21:39:38 ----D---- C:\ProgramData\Media Center Programs
2013-03-04 16:57:02 ----D---- C:\Users\Radek\AppData\Roaming\picpick
2013-03-04 16:56:56 ----D---- C:\Program Files (x86)\PicPick
2013-02-28 23:46:52 ----A---- C:\Windows\SysWOW64\XAudio2_7.dll
2013-02-28 23:46:52 ----A---- C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-02-28 23:46:51 ----A---- C:\Windows\SysWOW64\xactengine3_7.dll
2013-02-28 23:46:50 ----A---- C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-02-28 23:46:49 ----A---- C:\Windows\SysWOW64\d3dx11_43.dll
2013-02-28 23:46:49 ----A---- C:\Windows\SysWOW64\d3dcsx_43.dll
2013-02-28 23:46:48 ----A---- C:\Windows\SysWOW64\d3dx10_43.dll
2013-02-28 23:46:47 ----A---- C:\Windows\SysWOW64\XAudio2_6.dll
2013-02-28 23:46:47 ----A---- C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-02-28 23:46:47 ----A---- C:\Windows\SysWOW64\D3DX9_43.dll
2013-02-28 23:46:46 ----A---- C:\Windows\SysWOW64\xactengine3_6.dll
2013-02-28 23:46:45 ----A---- C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-02-28 23:46:44 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2013-02-28 23:46:43 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll
2013-02-28 23:46:43 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-02-28 23:46:42 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll
2013-02-28 23:46:41 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2013-02-28 23:46:40 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2013-02-28 23:46:40 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll
2013-02-28 23:46:39 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2013-02-28 23:46:39 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2013-02-28 23:46:38 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2013-02-28 23:46:37 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2013-02-28 23:46:37 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2013-02-28 23:46:36 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2013-02-28 23:46:36 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2013-02-28 23:46:35 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2013-02-28 23:46:35 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2013-02-28 23:46:34 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2013-02-28 23:46:33 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2013-02-28 23:46:33 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-02-28 23:46:33 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2013-02-28 23:46:32 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-02-28 23:46:30 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2013-02-28 23:45:02 ----D---- C:\Windows\SysWOW64\directx

======List of files/folders modified in the last 1 month======

2013-03-19 12:28:29 ----D---- C:\Windows\Temp
2013-03-19 12:28:29 ----D---- C:\Program Files (x86)\trend micro
2013-03-19 12:25:29 ----D---- C:\Users\Radek\AppData\Roaming\Skype
2013-03-19 12:09:02 ----SHD---- C:\System Volume Information
2013-03-19 12:03:15 ----D---- C:\ProgramData\NVIDIA
2013-03-19 03:15:26 ----D---- C:\Users\Radek\AppData\Roaming\uTorrent
2013-03-19 03:14:53 ----SHD---- C:\Windows\Installer
2013-03-19 03:14:53 ----D---- C:\Windows\SysWOW64
2013-03-19 03:14:52 ----RSD---- C:\Windows\assembly
2013-03-19 03:14:49 ----RD---- C:\Program Files (x86)
2013-03-19 03:10:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-03-19 03:08:55 ----D---- C:\Windows\Prefetch
2013-03-19 00:53:57 ----D---- C:\Users\Radek\AppData\Roaming\vlc
2013-03-18 23:42:34 ----D---- C:\ProgramData\PMB Files
2013-03-16 20:03:15 ----D---- C:\Windows\System32
2013-03-16 20:03:15 ----D---- C:\Windows\inf
2013-03-15 13:42:16 ----SD---- C:\Users\Radek\AppData\Roaming\Microsoft
2013-03-15 13:31:14 ----D---- C:\Windows\winsxs
2013-03-15 13:30:52 ----D---- C:\Windows\SysWOW64\migration
2013-03-15 13:30:52 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-14 17:48:12 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-09 22:19:10 ----D---- C:\Windows
2013-03-09 22:18:23 ----D---- C:\Users\Radek\AppData\Roaming\Adobe
2013-03-09 14:21:26 ----RD---- C:\Program Files
2013-03-09 14:20:44 ----D---- C:\Program Files (x86)\Adobe
2013-03-09 14:20:00 ----D---- C:\Program Files (x86)\Common Files\Adobe
2013-03-09 14:19:55 ----RSD---- C:\Windows\Fonts
2013-03-09 14:18:59 ----D---- C:\Windows\SysWOW64\drivers
2013-03-09 14:18:40 ----D---- C:\ProgramData\Adobe
2013-03-09 14:15:06 ----D---- C:\Program Files (x86)\Common Files
2013-03-07 13:39:31 ----A---- C:\Windows\SysWOW64\npDeployJava1.dll
2013-03-07 13:39:31 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2013-03-05 21:39:38 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys []
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-29 1260472]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 253656]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-03-09 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-03-09 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

[Mc_Murphy]

Zdravím.

Vydrž minutku, na logu se intenzivně pracuje.

[Mc_Murphy]

Pokud to jde, odinstaluj uTorrentControl_v2 Toolbar a taky Pando Media Booster (Pando Networks\Media Booster) - obojí jsou zdržovačky.
Program Skype odeber v jeho nastaveních ze spouštění při startu systému - taky zdržuje. Program spouštěj až po náběhu systému pouze v případě potřeby.


Stáhni AdwCleaner - http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulož jej nejlépe na Plochu.
• Ukonči všechny programy!!
• Spusť AdwCleaner.
• Pokud používáš operační systém Windows Vista či Windows 7, klikni na AdwCleaner pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Klikni na [Vymazat].
• Proběhne scan a pak se objeví log, který bude případně uložen na systémovém disku jako C:\AdwCleaner [S1].txt - jeho obsah mi sem vlož.

[Radek04]

PMB odinstalovany spolu s Toolbarem, zde je log

# AdwCleaner v2.115 - Log vytvooen 19/03/2013 v 13:43:40
# Aktualizováno 17/03/2013 Xplode
# Operaení systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživatel : Radek - RADEK-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Radek\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\Conduit
Složka Vymazáno : C:\Users\Radek\AppData\Local\Conduit
Složka Vymazáno : C:\Users\Radek\AppData\LocalLow\Conduit

***** [Registry] *****

Klíe Vymazáno : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Klíe Vymazáno : HKCU\Software\AppDataLow\Software\SmartBar
Klíe Vymazáno : HKCU\Software\Conduit
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Klíe Vymazáno : HKLM\Software\Conduit
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16470

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468 --> hxxp://www.google.com

-\\ Google Chrome v25.0.1364.172

Soubor : C:\Users\Radek\AppData\Local\Google\Chrome\User Data\Default\Preferences

Vymazáno [l.1978] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT3220468",

-\\ Opera v12.12.1707.0

Soubor : C:\Users\Radek\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je eistý.

*************************

AdwCleaner[S1].txt - [1761 octets] - [19/03/2013 13:43:40]

########## EOF - C:\AdwCleaner[S1].txt - [1821 octets] ##########

[Mc_Murphy]

OK, takže teď stáhni RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ulož jej nejlépe na Plochu.
• Ukonči všechny programy!
• Spusť RogueKiller. Pokud používáš operační systém Windows Vista či Windows 7, klikni na jeho ikonu pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Počkej, než program dokončí Prescan.
• Potom klikni na tlačítko [Prohledat] a počkej, až prohlídka proběhne.
• Klikni na tlačítko [Zpráva] - otevře se log, ten mi sem vlož.
• Detailní postup včetně obrázků najdeš zde: http://forum.viry.cz/viewtopic.php?f=24&t=120452

[Radek04]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Radek [Práva správce]
Mód : Kontrola -- Datum : 03/19/2013 15:20:30
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] 4ee7e0627ed060927710aa7a2a24e34b
[BSP] fc0e8caa288dd263fbf80d301bfe3eda : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 50000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102606848 | Size: 426838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_03192013_02d1520.txt >>
RKreport[1]_S_03192013_02d1520.txt

[Mc_Murphy]

Takže provedeme opravy.

• Ukonči všechny programy!
• Spusť RogueKiller. Pokud používáš operační systém Windows Vista či Windows 7, klikni na jeho ikonu pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Počkej, než program dokončí Prescan.
• Zvol možnost [Prohledat] a počkej, až prohlídka proběhne.
• V záložce Registry nech všechny nálezy označeny.
• Klikni na tlačítko [Smazat] a následně na [Zpráva] - otevře se log, ten mi sem vlož.

A vlož mi sem prosím také nový aktuální log ze RSITu, ať se podívám, co se povedlo a co zatím ne.

[Radek04]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Radek [Práva správce]
Mód : Odebrat -- Datum : 03/19/2013 16:53:07
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NAHRAZENO (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] 4ee7e0627ed060927710aa7a2a24e34b
[BSP] fc0e8caa288dd263fbf80d301bfe3eda : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 50000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 102606848 | Size: 426838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[2]_D_03192013_02d1653.txt >>
RKreport[1]_S_03192013_02d1520.txt ; RKreport[2]_D_03192013_02d1653.txt

[Mc_Murphy]

A vlož mi sem prosím také nový aktuální log ze RSITu, ať se podívám, co se povedlo a co zatím ne.

[Radek04]

Tady je

Logfile of random's system information tool 1.09 (written by random/random)
Run by Radek at 2013-03-19 17:36:29
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 12 GB (23%) free of 50 GB
Total RAM: 8190 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:36:30, on 19.3.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\trend micro\Radek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9664 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3964.0.1842271718\2121330138" --supports-dual-gpus=false --gpu-vendor-id=0x10de --gpu-device-id=0x0611 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1090 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxSearchSuggestTrialStarted2013Q1/6/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Control/SideloadWipeout/Enabled/SpdyCwnd/cwnd16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="3964.2.697239311\1446945415" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3964.3.15147016\2115561812" --lang=cs --ignored=" --type=renderer " /prefetch:13
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPRearrangeNumComponents/Standard/OmniboxSearchSuggestTrialStarted2013Q1/6/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Control/SideloadWipeout/Enabled/SpdyCwnd/cwnd16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_71/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --renderer-print-preview --enable-threaded-compositing --channel="3964.13.1029687593\2132664230" /prefetch:3
"C:\Users\Radek\Desktop\RogueKiller.exe"
C:\Windows\splwow64.exe 8192
"C:\Windows\system32\calc.exe"
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" "C:\Users\Radek\Downloads\financni_analyza_jako_nastroj_rizeni_firmy.pdf"
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=4112.1.1583428465 --type=renderer "C:\Users\Radek\Downloads\financni_analyza_jako_nastroj_rizeni_firmy.pdf"
"C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Radek\Downloads\RSITx64 (1).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-19 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31 6304888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-19 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-07 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31 4528760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-07 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08 18705664]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
C:\PROGRA~2\LOLREP~1\LOLREC~1.EXE [2012-08-23 522752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-03-19 13:43:40 ----A---- C:\AdwCleaner[S1].txt
2013-03-19 03:14:49 ----D---- C:\Program Files (x86)\Microsoft WSE
2013-03-15 02:10:24 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-15 02:10:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-15 02:10:24 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-15 02:10:24 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-15 02:10:23 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-15 02:10:23 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-15 02:10:23 ----A---- C:\Windows\system32\url.dll
2013-03-15 02:10:23 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-15 02:10:23 ----A---- C:\Windows\system32\ieui.dll
2013-03-15 02:10:22 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-15 02:10:22 ----A---- C:\Windows\system32\urlmon.dll
2013-03-15 02:10:22 ----A---- C:\Windows\system32\jscript9.dll
2013-03-15 02:10:21 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-15 02:10:21 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-15 02:10:21 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-15 02:10:20 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-15 02:10:20 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-15 02:10:20 ----A---- C:\Windows\system32\wininet.dll
2013-03-15 02:10:20 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-15 02:10:19 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-15 02:10:19 ----A---- C:\Windows\system32\vbscript.dll
2013-03-15 02:10:19 ----A---- C:\Windows\system32\jscript.dll
2013-03-15 02:10:19 ----A---- C:\Windows\system32\iertutil.dll
2013-03-15 02:10:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-15 02:10:17 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-15 02:10:15 ----A---- C:\Windows\system32\mshtml.dll
2013-03-15 02:10:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-15 02:10:14 ----A---- C:\Windows\system32\ieframe.dll
2013-03-09 22:19:10 ----D---- C:\Windows\pss
2013-03-09 14:21:26 ----D---- C:\Program Files\Adobe
2013-03-09 14:15:11 ----D---- C:\Program Files\Common Files\Macrovision Shared
2013-03-07 13:39:40 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-03-07 13:39:35 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-03-07 13:39:35 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-03-07 13:39:35 ----A---- C:\Windows\SYSWOW64\java.exe
2013-03-07 13:39:30 ----D---- C:\Program Files (x86)\Java
2013-03-07 02:12:35 ----A---- C:\Windows\eReg.dat
2013-03-07 02:03:45 ----D---- C:\Windows\system32\appmgmt
2013-03-07 01:17:48 ----D---- C:\Users\Radek\AppData\Roaming\calibre
2013-03-07 01:07:08 ----D---- C:\Program Files (x86)\Calibre2
2013-03-05 21:39:38 ----D---- C:\ProgramData\Media Center Programs
2013-03-04 16:57:02 ----D---- C:\Users\Radek\AppData\Roaming\picpick
2013-03-04 16:56:56 ----D---- C:\Program Files (x86)\PicPick
2013-02-28 23:46:52 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2013-02-28 23:46:52 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2013-02-28 23:46:52 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-02-28 23:46:52 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-02-28 23:46:51 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2013-02-28 23:46:51 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-02-28 23:46:50 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2013-02-28 23:46:50 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-02-28 23:46:49 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2013-02-28 23:46:49 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2013-02-28 23:46:49 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-02-28 23:46:49 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-02-28 23:46:48 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2013-02-28 23:46:48 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-02-28 23:46:47 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2013-02-28 23:46:47 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2013-02-28 23:46:47 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2013-02-28 23:46:47 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-02-28 23:46:47 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-02-28 23:46:47 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-02-28 23:46:46 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2013-02-28 23:46:46 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-02-28 23:46:45 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2013-02-28 23:46:45 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-02-28 23:46:44 ----A---- C:\Windows\SYSWOW64\XAudio2_5.dll
2013-02-28 23:46:44 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-02-28 23:46:43 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2013-02-28 23:46:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2013-02-28 23:46:43 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-02-28 23:46:43 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2013-02-28 23:46:42 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2013-02-28 23:46:42 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-02-28 23:46:41 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2013-02-28 23:46:41 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-02-28 23:46:40 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2013-02-28 23:46:40 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2013-02-28 23:46:40 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-02-28 23:46:40 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-02-28 23:46:39 ----A---- C:\Windows\SYSWOW64\d3dx10_41.dll
2013-02-28 23:46:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_41.dll
2013-02-28 23:46:39 ----A---- C:\Windows\system32\d3dx10_41.dll
2013-02-28 23:46:39 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2013-02-28 23:46:38 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2013-02-28 23:46:38 ----A---- C:\Windows\system32\D3DX9_41.dll
2013-02-28 23:46:37 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2013-02-28 23:46:37 ----A---- C:\Windows\SYSWOW64\XAPOFX1_3.dll
2013-02-28 23:46:37 ----A---- C:\Windows\system32\XAudio2_4.dll
2013-02-28 23:46:37 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-02-28 23:46:36 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2013-02-28 23:46:36 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2013-02-28 23:46:36 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-02-28 23:46:36 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2013-02-28 23:46:35 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2013-02-28 23:46:35 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2013-02-28 23:46:35 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-02-28 23:46:35 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-02-28 23:46:34 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2013-02-28 23:46:34 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-02-28 23:46:33 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2013-02-28 23:46:33 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2013-02-28 23:46:33 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2013-02-28 23:46:33 ----A---- C:\Windows\system32\XAudio2_3.dll
2013-02-28 23:46:33 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2013-02-28 23:46:33 ----A---- C:\Windows\system32\xactengine3_3.dll
2013-02-28 23:46:32 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2013-02-28 23:46:32 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2013-02-28 23:46:31 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-02-28 23:46:31 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-02-28 23:46:30 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2013-02-28 23:46:30 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-02-28 23:46:29 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-02-28 23:46:29 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-02-28 23:46:27 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-02-28 23:45:02 ----D---- C:\Windows\SYSWOW64\directx

======List of files/folders modified in the last 1 month======

2013-03-19 17:36:30 ----D---- C:\Windows\Temp
2013-03-19 17:36:30 ----D---- C:\Windows\Prefetch
2013-03-19 17:36:30 ----D---- C:\Program Files (x86)\trend micro
2013-03-19 17:26:14 ----D---- C:\Users\Radek\AppData\Roaming\Skype
2013-03-19 14:35:55 ----SHD---- C:\System Volume Information
2013-03-19 13:58:26 ----D---- C:\Windows\system32\config
2013-03-19 13:45:04 ----D---- C:\ProgramData\NVIDIA
2013-03-19 13:44:59 ----D---- C:\Program Files (x86)\Pando Networks
2013-03-19 13:43:58 ----RD---- C:\Program Files (x86)
2013-03-19 13:41:55 ----HD---- C:\ProgramData
2013-03-19 03:15:26 ----D---- C:\Users\Radek\AppData\Roaming\uTorrent
2013-03-19 03:14:53 ----SHD---- C:\Windows\Installer
2013-03-19 03:14:53 ----D---- C:\Windows\SysWOW64
2013-03-19 03:14:52 ----RSD---- C:\Windows\assembly
2013-03-19 03:10:53 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-03-19 00:53:57 ----D---- C:\Users\Radek\AppData\Roaming\vlc
2013-03-16 20:03:15 ----D---- C:\Windows\System32
2013-03-16 20:03:15 ----D---- C:\Windows\inf
2013-03-16 20:03:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-03-15 13:42:16 ----SD---- C:\Users\Radek\AppData\Roaming\Microsoft
2013-03-15 13:31:14 ----D---- C:\Windows\winsxs
2013-03-15 13:30:52 ----D---- C:\Windows\SYSWOW64\migration
2013-03-15 13:30:52 ----D---- C:\Windows\system32\migration
2013-03-15 13:30:52 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-15 13:30:51 ----D---- C:\Program Files\Internet Explorer
2013-03-15 02:11:02 ----A---- C:\Windows\system32\MRT.exe
2013-03-15 02:10:38 ----D---- C:\Windows\system32\catroot
2013-03-15 02:10:36 ----D---- C:\Windows\system32\catroot2
2013-03-14 17:48:12 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-03-09 22:19:10 ----D---- C:\Windows
2013-03-09 22:18:23 ----D---- C:\Users\Radek\AppData\Roaming\Adobe
2013-03-09 14:22:06 ----D---- C:\Program Files\Common Files\Adobe
2013-03-09 14:21:26 ----RD---- C:\Program Files
2013-03-09 14:20:44 ----D---- C:\Program Files (x86)\Adobe
2013-03-09 14:19:55 ----RSD---- C:\Windows\Fonts
2013-03-09 14:18:59 ----D---- C:\Windows\SYSWOW64\drivers
2013-03-09 14:18:40 ----D---- C:\ProgramData\Adobe
2013-03-09 14:17:43 ----D---- C:\Windows\system32\drivers
2013-03-09 14:15:11 ----D---- C:\Program Files\Common Files
2013-03-09 14:15:06 ----D---- C:\Program Files (x86)\Common Files
2013-03-07 13:39:31 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2013-03-07 13:39:31 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2013-02-25 22:04:53 ----D---- C:\Windows\system32\wdi

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 54072]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 984144]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 370288]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 59728]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-25 254528]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-07-11 11576]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-11-24 769168]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-12-29 884152]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-29 1260472]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 253656]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-03-09 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2013-03-09 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-23 116648]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-28 1255736]

-----------------EOF-----------------

[Mc_Murphy]

Fixni v HJT níže uvedené položky.

• Fixnout znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek.
• Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
• Položky, které v seznamu nenajdeš, prostě přeskoč.
• HJT najdeš zde: C:\Program Files (x86)\trend micro\Radek.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll


Dále stáhni utilitu OTM z jednoho z těchto odkazů:

• http://oldtimer.geekstogo.com/OTM.exe
• http://oldtimer.geekstogo.com/OTM.com
• http://oldtimer.geekstogo.com/OTM.scr

Ulož ji na Plochu a dvojklikem spusť.

Do levého okna Paste Instructions for Items to be Moved zkopíruj tento script (pouze zelená písmenka v bílém poli, včetně té dvojtečky před Commands!):

Kód: Vybrat vše

:Commands
[ClearAllRestorePoints]
[ResetHosts]
[Purity]
[EmptyTemp]
[EmptyFlash]

:Services
AdobeARMservice
AdobeFlashPlayerUpdateSvc
gupdate
gupdatem
Nero BackItUp Scheduler 3
NMIndexingService
nvUpdatusService
Skype C2C Service
SkypeUpdate

:Files
C:\Program Files (x86)\Pando Networks
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\AdwCleaner[S1].txt

:Reg
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
"{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"DAEMON Tools Lite"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"SunJavaUpdateSched"=-

Nyní klikni na tlačítko [MoveIt!], čímž vše spustíš.
Po restartu mi sem hoď log, který najdeš v C:\_OTM\MovedFiles\

[Radek04]

HJT kricelo ze neco nejde fixnout...fixnul jsem co slo...neco ale pretrvavalo

All processes killed
========== COMMANDS ==========

Restore point Set: OTM Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Radek
->Temp folder emptied: 852606801 bytes
->Temporary Internet Files folder emptied: 96537566 bytes
->Java cache emptied: 1820813 bytes
->Google Chrome cache emptied: 253784662 bytes
->Opera cache emptied: 61344253 bytes
->Flash cache emptied: 24049 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18928850 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36099040 bytes
RecycleBin emptied: 935175 bytes

Total Files Cleaned = 1 261,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Radek
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service Nero BackItUp Scheduler 3 stopped successfully!
Service Nero BackItUp Scheduler 3 deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Service nvUpdatusService stopped successfully!
Service nvUpdatusService deleted successfully!
Service Skype C2C Service stopped successfully!
Service Skype C2C Service deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
========== FILES ==========
C:\Program Files (x86)\Pando Networks folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP52D1.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6A47.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8C0A.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD0F5.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFFE1.tmp folder moved successfully.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\AdwCleaner[S1].txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 03192013_192512

Files moved on Reboot...
C:\Users\Radek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Mc_Murphy]

V pohodě, to se občas stane, jsou to jen kosmetické úpravy, nic důležitého.
Takže OTM provedlo, co mělo a kromě jiného smazalo téměř 1,3 GB bordýlku.
Uklidím po sobě a máme hotovo.


T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stáhni a spusť.
• Pro potvrzení volby mačkej A, Enter.
• Po použití utilitu smaž ručně.
• Antiviry mohou tuto utilitu chybně označit jako vir - jedná se o falešný poplach - takže v pohodě stáhni (případně vypni při stahování antivir)!

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stáhni a spusť.
• Klikni na CleanUp a potvrď YES.
• Program uklidí a může (nemusí) restartovat PC.

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stáhni a spusť.
• Klikni na Start a potvrď OK.
• Program uklidí a může (nemusí) restartovat PC.
• Po použití utilitu smaž ručně.

Pokud nemáš, stáhni CCleaner z tohoto odkazu.

• Panel čistič
• Vše nech jak je, jen dej Analyzovat a poté Spustit CCleaner.

• Panel registry
• Klikni na Hledej problémy.
• Následně na Opravit problémy - zálohu registrů doporučuji udělat, oprav všechny problémy.
• Postup opakuj, dokud nebude bez problémů - většinou cca 3x.

• Panel nástroje
• Zde můžeš odinstalovat nepotřebné programy.

CCleaner doporučuji používat cca jednou za týden.

... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.

[Mc_Murphy]

Zde se nic neděje, žádné děkuji nebo tak, takže lock.