Please check my log

Posted: 10 Apr 2013 13:52
by Madri
Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2013-04-10 14:44:59
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 199 GB (40%) free of 500 GB
Total RAM: 3963 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:45:14, on 10.4.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files (x86)\MSI\MSI Q-Face\WebTest.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files\trend micro\Tomáš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.filebulldog.com/vmn/6A920 ... 51629E2BC1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0004639 - {11111111-1111-1111-1111-110011461139} - C:\Program Files (x86)\SavingsApp\SavingsApp.dll
O2 - BHO: File Bulldog Toolbar - {1393c215-0520-410e-ab29-3badab478ec4} - C:\Program Files (x86)\filebulldogtb\filebulldogDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Users\Tomáš\AppData\Local\Seznam.cz\listicka.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O3 - Toolbar: MyPlayCity Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: File Bulldog Toolbar - {1393c215-0520-410e-ab29-3badab478ec4} - C:\Program Files (x86)\filebulldogtb\filebulldogDx.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [Q-Face agent] C:\Program Files (x86)\MSI\MSI Q-Face\webtest.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [DynamicUSB] "C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [File Bulldog Anti-phishing Domain Advisor] "C:\ProgramData\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16317 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe /pipeName=0e0f2032-1115-4a31-97b1-105b8a3cdb33 /coreSdkOptions=4382 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\f6203a5d-e05e-4340-b8c0-212076ff3c3c-1a0-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2013\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2013" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\SysWOW64\ASDR.exe
"C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe"
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe /HTC:296
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e8572cf0-4c24-4701-8193-917c1f77757e -SystemEventPortName:HostProcess-f9e33adb-42a4-4817-9d62-8608d64f09d9 -IoCancelEventPortName:HostProcess-eb2b3164-d17e-489f-a138-a7eac865a6ca -NonStateChangingEventPortName:HostProcess-1bdf67e3-1cac-4d25-9e55-aa5ceb6145f3 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:627061d9-ab98-4741-8040-797b5ce51abe -DeviceGroupId:WpdFsGroup
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\vsnp2uvc.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe"
"C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
"C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
taskeng.exe {14C33240-2129-407F-B2F0-559F37726A28}
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
"C:\Windows\tsnp2uvc.exe"
"C:\Program Files (x86)\MSI\MSI Q-Face\WebTest.exe"
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe"
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\ProgramData\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE" /HTC:296 -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"taskhost.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=9020.16b27f00.284922678 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 9020 "\\.\pipe\gecko-crash-server-pipe.9020" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe" --proxy-stub-channel=Flash5440.651D63D8.12309 --host-broker-channel=Flash5440.651D63D8.15436 --host-pid=5440 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe" --channel=8164.0039F2B4.1692805660 --proxy-stub-channel=Flash5440.651D63D8.12309 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll" --host-npapi-version=27 --type=renderer
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
taskeng.exe {D70CE4B0-B437-44DA-BEFE-6FA15C0730E4}
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL /chkupd
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe66_ Global\UsGthrCtrlFltPipeMssGthrPipe66 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\Tomáš\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\txcdlzvo.default-1357305419362

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "seznam"
prefs.js - "keyword.URL" - "http://search.seznam.cz/?sourceid=undefined&q="

"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer]
"Description"=Zylom Games Player 1.00
"Path"=C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
IICAClient.xpt
nsIZylomPlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
CCMSDK.dll
CgpCore.dll
confmgr.dll
ctxlogging.dll
ctxmui.dll
ICAClObj.class
icafile.dll
icalogon.dll
np-mswmp.dll
npicaN.dll
NPOFFICE.DLL
nppdf32.dll
npzylomgamesplayer.dll
sslsdk_b.dll
TcpPServ.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
filebulldogtb.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\txcdlzvo.default-1357305419362\extensions\
{2dc0b034-a3c8-4bc9-af1a-0f04b8a69e0c}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\txcdlzvo.default-1357305419362\searchplugins\
firmycz.xml
mapycz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461139}]
SavingsApp - C:\Program Files (x86)\SavingsApp\SavingsApp.dll [2012-05-31 493440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1393c215-0520-410e-ab29-3badab478ec4}]
File Bulldog Toolbar - C:\Program Files (x86)\filebulldogtb\filebulldogDx.dll [2013-02-12 87616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-03 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll [2013-02-18 1929392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
MyPlayCity Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-03 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Users\Tomáš\AppData\Local\Seznam.cz\listicka.dll [2009-11-02 1411736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll [2013-02-18 1929392]
{D4027C7F-154A-4066-A1AD-4243D8127440} - MyPlayCity Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{1393c215-0520-410e-ab29-3badab478ec4} - File Bulldog Toolbar - C:\Program Files (x86)\filebulldogtb\filebulldogDx.dll [2013-02-12 87616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-11-03 8317472]
"snp2uvc"=C:\Windows\vsnp2uvc.exe [2008-09-10 569344]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-14 98304]
"ASUSGamerOSD"=C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [2009-07-30 380928]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-16 91432]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2009-04-16 50472]
"UpdatePPShortCut"=C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]
"LGODDFU"=C:\Program Files (x86)\lg_fwupdate\fwupdate.exe [2010-02-07 557056]
"UpdatePSTShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-09-29 210216]
"LchDrvKey"=C:\Windows\LchDrvKey.exe [2007-03-28 36864]
"snp2uvc"=C:\Windows\vsnp2uvc.exe [2008-09-10 569344]
"tsnp2uvc"=C:\Windows\tsnp2uvc.exe [2009-03-16 241664]
"Q-Face agent"=C:\Program Files (x86)\MSI\MSI Q-Face\webtest.exe [2008-12-15 20792]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2013-02-18 1151152]
"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2011-08-11 358336]
"DynamicUSB"=C:\Program Files (x86)\DynamicUSBTool\DynamicUSB.exe [2007-03-02 94208]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2013\avgui.exe [2012-12-11 3147384]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"File Bulldog Anti-phishing Domain Advisor"=C:\ProgramData\File Bulldog Anti-phishing Domain Advisor\filebulldog_antiphishing.exe [2013-02-11 223808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-04-10 14:44:59 ----D---- C:\rsit
2013-04-10 14:44:59 ----D---- C:\Program Files\trend micro
2013-04-09 11:45:00 ----D---- C:\BF3
2013-04-09 11:35:55 ----D---- C:\A
2013-04-08 16:58:32 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2013-04-08 16:58:23 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2013-04-08 14:47:59 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2013-04-08 14:47:59 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2013-04-08 14:47:59 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-04-08 14:47:59 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-04-08 14:47:58 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2013-04-08 14:47:58 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-04-08 14:47:57 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2013-04-08 14:47:57 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-04-08 14:47:56 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2013-04-08 14:47:56 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2013-04-08 14:47:56 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-04-08 14:47:56 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-04-08 14:47:55 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2013-04-08 14:47:55 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-04-08 14:47:54 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2013-04-08 14:47:54 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-04-08 14:47:38 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2013-04-08 14:47:38 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2013-04-08 14:47:38 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-04-08 14:47:38 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-04-08 14:47:36 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2013-04-08 14:47:36 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-04-08 12:39:03 ----D---- C:\ProgramData\File Bulldog Anti-phishing Domain Advisor
2013-04-08 12:38:35 ----D---- C:\Program Files (x86)\filebulldogtb
2013-04-08 12:37:44 ----D---- C:\Users\Tomáš\AppData\Roaming\DAEMON Tools Lite
2013-04-08 12:34:03 ----D---- C:\ProgramData\DAEMON Tools Lite
2013-04-08 12:03:51 ----D---- C:\Program Files (x86)\EA GAMES
2013-04-07 11:55:24 ----D---- C:\ProgramData\Firefly Studios
2013-04-03 12:43:10 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-04-03 12:42:58 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-04-03 12:42:58 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-04-03 12:42:58 ----A---- C:\Windows\SYSWOW64\java.exe
2013-04-03 12:42:49 ----D---- C:\Program Files (x86)\Java
2013-04-01 14:01:48 ----D---- C:\Program Files (x86)\JoWooD
2013-03-26 09:46:54 ----A---- C:\Windows\SYSWOW64\FAPAC94.tmp
2013-03-26 09:46:53 ----A---- C:\Windows\SYSWOW64\FAPA86C.tmp
2013-03-26 09:46:33 ----A---- C:\Windows\SYSWOW64\FAP5AC7.tmp
2013-03-26 09:46:20 ----A---- C:\Windows\SYSWOW64\FAP28FB.tmp
2013-03-26 09:46:16 ----A---- C:\Windows\SYSWOW64\FAP1A0A.tmp
2013-03-26 09:45:43 ----A---- C:\Windows\SYSWOW64\FAP97AE.tmp
2013-03-26 09:45:22 ----A---- C:\Windows\SYSWOW64\FAP4680.tmp
2013-03-26 09:44:51 ----A---- C:\Windows\SYSWOW64\FAPCD77.tmp
2013-03-26 09:44:42 ----A---- C:\Windows\SYSWOW64\FAPAC7C.tmp
2013-03-26 09:43:41 ----A---- C:\Windows\SYSWOW64\FAPBDF6.tmp
2013-03-26 09:43:32 ----A---- C:\Windows\SYSWOW64\FAP98E7.tmp
2013-03-26 09:43:14 ----A---- C:\Windows\SYSWOW64\FAP52DF.tmp
2013-03-26 09:35:33 ----A---- C:\Windows\SYSWOW64\FAP4B7C.tmp
2013-03-26 09:34:11 ----A---- C:\Windows\SYSWOW64\FAPA84.tmp
2013-03-26 09:26:52 ----A---- C:\Windows\SYSWOW64\FAP5777.tmp
2013-03-26 09:26:46 ----A---- C:\Windows\SYSWOW64\FAP409A.tmp
2013-03-14 10:02:33 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-03-14 10:02:33 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-03-14 10:02:33 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2013-03-14 10:02:33 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-03-14 10:02:33 ----A---- C:\Windows\system32\elshyph.dll
2013-03-14 10:02:32 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-03-14 10:02:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-03-14 10:02:32 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-03-14 10:02:32 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-03-14 10:02:32 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-03-14 10:02:32 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-03-14 10:02:31 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-03-14 10:02:31 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-03-14 10:02:31 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-03-14 10:02:31 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-03-14 10:02:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-03-14 10:02:31 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-03-14 10:02:31 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-03-14 10:02:31 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-03-14 10:02:30 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-03-14 10:02:29 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-03-14 10:02:29 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-03-14 10:02:29 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-03-14 10:02:29 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-03-14 10:02:29 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-03-14 10:02:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-03-14 10:02:28 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\url.dll
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-03-14 10:02:27 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-03-14 10:02:26 ----A---- C:\Windows\system32\urlmon.dll
2013-03-14 10:02:26 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-03-14 10:02:26 ----A---- C:\Windows\system32\msrating.dll
2013-03-14 10:02:26 ----A---- C:\Windows\system32\msls31.dll
2013-03-14 10:02:26 ----A---- C:\Windows\system32\iertutil.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\wininet.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\url.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\jsproxy.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\iesetup.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\iernonce.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\iedkcs32.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\ieapfltr.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\ieapfltr.dat
2013-03-14 10:02:25 ----A---- C:\Windows\system32\ie4uinit.exe
2013-03-14 10:02:25 ----A---- C:\Windows\system32\icardie.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\dxtrans.dll
2013-03-14 10:02:25 ----A---- C:\Windows\system32\dxtmsft.dll
2013-03-14 10:02:24 ----A---- C:\Windows\system32\wextract.exe
2013-03-14 10:02:24 ----A---- C:\Windows\system32\webcheck.dll
2013-03-14 10:02:24 ----A---- C:\Windows\system32\vbscript.dll
2013-03-14 10:02:24 ----A---- C:\Windows\system32\mshtmled.dll
2013-03-14 10:02:24 ----A---- C:\Windows\system32\mshtml.dll
2013-03-14 10:02:24 ----A---- C:\Windows\system32\msfeeds.dll
2013-03-14 10:02:24 ----A---- C:\Windows\system32\licmgr10.dll
2013-03-14 10:02:24 ----A---- C:\Windows\system32\inseng.dll
2013-03-14 10:02:24 ----A---- C:\Windows\system32\iexpress.exe
2013-03-14 10:02:24 ----A---- C:\Windows\system32\ieUnatt.exe
2013-03-14 10:02:23 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-03-14 10:02:23 ----A---- C:\Windows\system32\pngfilt.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\occache.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\mshtmler.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\mshta.exe
2013-03-14 10:02:23 ----A---- C:\Windows\system32\msfeedssync.exe
2013-03-14 10:02:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\jscript9.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\jscript.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\imgutil.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\iesysprep.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\iepeers.dll
2013-03-14 10:02:23 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-03-14 10:02:22 ----A---- C:\Windows\system32\ieui.dll
2013-03-14 10:02:22 ----A---- C:\Windows\system32\ieframe.dll
2013-03-14 09:59:29 ----A---- C:\Windows\system32\drivers\usb8023.sys

======List of files/folders modified in the last 1 month======

2013-04-10 14:44:59 ----RD---- C:\Program Files
2013-04-10 14:44:31 ----D---- C:\Windows\TEMP
2013-04-10 14:30:54 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2013-04-10 14:25:09 ----HD---- C:\ProgramData
2013-04-10 14:21:45 ----D---- C:\Windows
2013-04-10 08:49:05 ----D---- C:\Windows\system32\config
2013-04-10 08:42:54 ----D---- C:\Windows\inf
2013-04-10 08:42:53 ----D---- C:\Windows\Logs
2013-04-10 08:40:38 ----D---- C:\ProgramData\MFAData
2013-04-10 08:37:01 ----SHD---- C:\System Volume Information
2013-04-10 08:34:35 ----A---- C:\Windows\SYSWOW64\log.txt
2013-04-09 14:29:50 ----D---- C:\CitrixUSBStore
2013-04-09 12:33:04 ----HD---- C:\Windows\msdownld.tmp
2013-04-09 12:32:59 ----D---- C:\Windows\SYSWOW64\directx
2013-04-08 17:03:03 ----D---- C:\Windows\System32
2013-04-08 17:03:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-08 16:59:12 ----D---- C:\Windows\system32\drivers
2013-04-08 16:59:06 ----D---- C:\Windows\system32\catroot
2013-04-08 16:58:58 ----D---- C:\Windows\system32\DriverStore
2013-04-08 16:58:23 ----RD---- C:\Program Files (x86)
2013-04-08 16:57:33 ----D---- C:\Windows\Prefetch
2013-04-08 14:47:59 ----D---- C:\Windows\SysWOW64
2013-04-08 14:46:54 ----RSD---- C:\Windows\assembly
2013-04-08 14:45:34 ----SHD---- C:\Windows\Installer
2013-04-08 14:22:55 ----D---- C:\Program Files (x86)\Activision
2013-04-08 12:38:38 ----D---- C:\Users\Tomáš\AppData\Roaming\Mozilla
2013-04-07 12:14:01 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-04-07 11:53:03 ----D---- C:\Windows\Downloaded Installations
2013-04-03 12:42:50 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2013-04-03 12:42:50 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2013-04-02 12:34:28 ----N---- C:\Windows\system32\MpSigStub.exe
2013-04-01 15:12:08 ----D---- C:\Program Files (x86)\lg_fwupdate
2013-04-01 15:12:08 ----A---- C:\Windows\lgfwup.ini
2013-03-30 10:01:10 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-03-30 09:58:14 ----D---- C:\Program Files (x86)\CCleaner
2013-03-21 20:40:32 ----D---- C:\Windows\SoftwareDistribution
2013-03-20 15:04:03 ----D---- C:\Windows\rescache
2013-03-17 10:21:45 ----A---- C:\Users\Tomáš\AppData\Roaming\burnaware.ini
2013-03-15 09:09:25 ----D---- C:\Windows\Panther
2013-03-14 10:16:10 ----D---- C:\Windows\winsxs
2013-03-14 10:12:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-03-14 10:12:42 ----D---- C:\Windows\system32\cs-CZ
2013-03-14 10:12:42 ----D---- C:\Program Files\Internet Explorer
2013-03-14 10:12:42 ----D---- C:\Program Files (x86)\Internet Explorer
2013-03-14 10:12:41 ----D---- C:\Windows\SYSWOW64\migration
2013-03-14 10:12:41 ----D---- C:\Windows\SYSWOW64\en-US
2013-03-14 10:12:41 ----D---- C:\Windows\system32\migration
2013-03-14 10:12:41 ----D---- C:\Windows\system32\en-US
2013-03-14 10:12:41 ----D---- C:\Windows\PolicyDefinitions
2013-03-14 10:04:43 ----D---- C:\Windows\system32\catroot2
2013-03-14 09:57:40 ----D---- C:\Windows\debug
2013-03-14 00:56:18 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-03-13 11:22:37 ----D---- C:\Program Files\Microsoft Silverlight
2013-03-13 11:22:36 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-03-13 11:22:35 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-13 11:20:17 ----D---- C:\Windows\AppPatch
2013-03-13 11:03:41 ----A---- C:\Windows\system32\MRT.exe
2013-03-13 11:01:11 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-08 283200]
R1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys [2010-02-06 16384]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2009-02-17 17792]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-04 114192]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 6037504]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver; C:\Windows\system32\drivers\ATKDispLowFilter.sys [2009-02-17 39424]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-11-03 2023840]
R3 MSILiveVirtualCamera;MSI Live Virtual Camera; C:\Windows\system32\DRIVERS\MSILiveVirtualCamera.sys [2007-01-29 456192]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-01-08 3601920]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 203264]
R2 ASDR;ASDR; C:\Windows\SysWOW64\ASDR.exe [2009-07-27 61440]
R2 ATKFUSService;ATK Fast User Switch Service; C:\Windows\system32\ATKFUSService.exe [2009-05-06 62464]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-15 271760]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 1340976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-14 253656]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-03-08 115608]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]

-----------------EOF-----------------

Re: Please check my log

Posted: 10 Apr 2013 14:32
by Márty84
Hello :)

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop.
Right-click it and then left-click Run as administrator.
Tick the items (put check marks there) For all users, "LOP" malware check and "Purity" malware check.
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Scan.
After the scan, two logs will be created (OTL.Txt and Extras.txt); paste both of them here (if they are long, split them across several posts).

Re: Please check my log

Posted: 11 Apr 2013 20:39
by Madri
Hello, after a whole day of scanning it told me out of memory...? thanks M

Re: Please check my log

Posted: 12 Apr 2013 04:11
by Márty84
:???: What about the legality of the system? Ultimate is not exactly a common home edition :?:


:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to your desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and the program will start working.
When it finishes, it will spit out a log at you (if not, you will find it here C:\AdwCleaner[R?].txt ); copy it here for me.

Re: Please check my log

Posted: 12 Apr 2013 09:01
by Madri
Hello, here is the log. That Ultimate was already on it when I bought it..... :?: TM

# AdwCleaner v2.200 - Log vytvooen 12/04/2013 v 09:57:28
# Aktualizováno 02/04/2013 Xplode
# Operaení systém : Windows 7 Ultimate Service Pack 1 (64 bits)
# Uživatel : Tomáš - TOMÁŠ-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Tomáš\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\Ask.com
Složka Nalezeno : C:\Program Files (x86)\AVG Secure Search
Složka Nalezeno : C:\Program Files (x86)\Common Files\AVG Secure Search
Složka Nalezeno : C:\Program Files (x86)\Conduit
Složka Nalezeno : C:\Program Files (x86)\DeviceVM
Složka Nalezeno : C:\Program Files (x86)\SavingsApp
Složka Nalezeno : C:\ProgramData\AVG Secure Search
Složka Nalezeno : C:\ProgramData\Trymedia
Složka Nalezeno : C:\Users\MARIČKA\AppData\Local\AVG Secure Search
Složka Nalezeno : C:\Users\MARIČKA\AppData\Roaming\Mozilla\Firefox\Profiles\tcl5g068.default\extensions\crossriderapp4639@crossrider.com
Složka Nalezeno : C:\Users\Tomáš\AppData\Local\AVG Secure Search
Složka Nalezeno : C:\Users\Tomáš\AppData\Local\SavingsApp
Složka Nalezeno : C:\Users\Tomáš\AppData\LocalLow\AVG Secure Search
Složka Nalezeno : C:\Users\Tomáš\AppData\LocalLow\AVG Security Toolbar
Složka Nalezeno : C:\Users\Tomáš\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Soubor Nalezeno : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Klíe Nalezeno : HKCU\Software\APN
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\Crossrider
Klíe Nalezeno : HKCU\Software\AppDataLow\Software\SavingsApp
Klíe Nalezeno : HKCU\Software\Ask.com
Klíe Nalezeno : HKCU\Software\AVG Secure Search
Klíe Nalezeno : HKCU\Software\InstalledBrowserExtensions
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011461139}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011461139}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Nalezeno : HKLM\Software\APN
Klíe Nalezeno : HKLM\Software\AskToolbar
Klíe Nalezeno : HKLM\Software\AVG Secure Search
Klíe Nalezeno : HKLM\Software\AVG Security Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16537

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={3D30C974-A049-44BF-9844-79B7A1851822}&mid=9446d8f4af5a47d1bdfbbdb90fed3b6a-f38e72d02ec97bd88c5031e8359348b0269976c0&lang=cs&ds=AVG&pr=fr&d=2011-11-24 14:54:32&v=9.0.0.22&sap=nt

-\\ Mozilla Firefox v19.0.2 (cs)

Soubor : C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\txcdlzvo.default-1357305419362\prefs.js

[OK] Soubor je eistý.

Soubor : C:\Users\MARIČKA\AppData\Roaming\Mozilla\Firefox\Profiles\tcl5g068.default\prefs.js


*************************

AdwCleaner[R1].txt - [24048 octets] - [12/04/2013 09:56:40]
AdwCleaner[R2].txt - [24006 octets] - [12/04/2013 09:57:28]

########## EOF - C:\AdwCleaner[R2].txt - [24067 octets] ##########

Re: Please check my log

Posted: 12 Apr 2013 09:26
by Márty84
Bought where? In a shop, or from some acquaintance?


Close all programs again and run AdwCleaner as administrator.
This time click Smazat (Delete).
The program will start working (the PC may restart) and spit out another log (or it will be here: C:\AdwCleaner [S1].txt ). Copy that one here for me again.

Re: Please check my log

Posted: 12 Apr 2013 10:14
by Madri
An acquaintance... :)
Here is the log after cleaning:
# AdwCleaner v2.200 - Log vytvooen 12/04/2013 v 11:12:29
# Aktualizováno 02/04/2013 Xplode
# Operaení systém : Windows 7 Ultimate Service Pack 1 (64 bits)
# Uživatel : Tomáš - TOMÁŠ-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\Tomáš\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\Common Files\AVG Secure Search
Složka Nalezeno : C:\Program Files (x86)\DeviceVM
Soubor Nalezeno : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****


***** [Internetové prohlížeee] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v20.0.1 (cs)

Soubor : C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\txcdlzvo.default-1357305419362\prefs.js

[OK] Soubor je eistý.

Soubor : C:\Users\MARIČKA\AppData\Roaming\Mozilla\Firefox\Profiles\tcl5g068.default\prefs.js

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [24048 octets] - [12/04/2013 09:56:40]
AdwCleaner[R2].txt - [24109 octets] - [12/04/2013 09:57:28]
AdwCleaner[R3].txt - [24170 octets] - [12/04/2013 11:00:11]
AdwCleaner[R4].txt - [1218 octets] - [12/04/2013 11:12:29]
AdwCleaner[S1].txt - [23968 octets] - [12/04/2013 11:01:10]

########## EOF - C:\AdwCleaner[R4].txt - [1339 octets] ##########

Re: Please check my log

Posted: 12 Apr 2013 10:28
by Márty84
Fine. Now try running OTL following the same instructions, but this time in safe mode and with this modified script.

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s