Problém s web. prohlížečem
Napsal: 22 zář 2014 07:43
Zdravím, vrátil jsem se domů po delší době z ciziny a internetové prohlížeče jsou zasekané. Odzkoušena Opera, Firefox a Chrome. Čím déle počítač běží tím je to horší, týká se to například scrollování, odezvě po kliknutí na odkaz, záseky videí atp.
Přikládám RSIT report.
Díky za každou radu
Logfile of random's system information tool 1.10 (written by random/random)
Run by Barzul at 2014-09-22 08:27:21
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 13 GB (26%) free of 50 GB
Total RAM: 4094 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:27:23, on 22.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\WakeWorker\WakeWorker.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Barzul\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\Barzul\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
D:\Programy\Hamachi\hamachi-2-ui.exe
C:\Windows\inf\msbkiiku\msbkiiku.exe
C:\PROGRA~2\RELEVA~1\rlvknlg32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Barzul.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: EnjoyCouupon - {063099b3-839f-40f9-84cd-59ccc8435d52} - C:\ProgramData\EnjoyCouupon\XEauvlyIWUu8uz.dll
O2 - BHO: NewuSaavear - {0ef263be-ec1f-4007-86a1-8a60e2775c58} - C:\ProgramData\NewuSaavear\fP2Qd4gDzRxSp7.dll
O2 - BHO: CrossriderApp0004637 - {11111111-1111-1111-1111-110011461137} - C:\Program Files (x86)\Deals Plugin\Deals Plugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bcool - {3C66EFA0-BE27-D4E6-9998-6B18EBF8AF05} - C:\ProgramData\Bcool\5101108e61a63.dll
O2 - BHO: BeistSaveForYYOu - {48fe832b-80dc-4904-8c1d-8e20a983ee45} - C:\ProgramData\BeistSaveForYYOu\lz8umSXA37dUlM.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: BrowSoe2asaaveey - {923BF462-5E19-AE09-D433-375F9C565A25} - C:\ProgramData\BrowSoe2asaaveey\516287f4bb57b.dll
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: CooupEXttennsiono - {AA943030-EB9C-FB3F-EC5F-636301E78C03} - C:\ProgramData\CooupEXttennsiono\s0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpecialSavings.Addon - {bb184e6d-26d1-461a-9226-b93ca8da2af9} - mscoree.dll (file missing)
O2 - BHO: NewSAAver - {d3f7de44-9ee5-45d8-b96f-bbb3703caaed} - C:\ProgramData\NewSAAver\ssnjsL44iCncq6.dll
O2 - BHO: FiindBestDEal - {e9fbab32-7718-44f1-b5d1-9885896df141} - C:\ProgramData\FiindBestDEal\kIWotiqaQV6h6i.dll
O2 - BHO: Search-NewTab - {EBA3AC07-1D30-9C2D-30A8-60EA5CBEFEE1} - C:\ProgramData\Search-NewTab\510110aab1e41.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112012 serial=DR12CCC-3287012-UQD lang=CZ
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [mskwbkSrv] C:\Windows\inf\mskwbk.vbe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programy\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [WakeWorker] C:\Program Files (x86)\WakeWorker\WakeWorker.exe -h
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [winupdater] C:\Windupdt\winupdate.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Barzul\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Barzul\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SDP] C:\Users\Barzul\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77F9C4D-6929-425E-8C79-7BB8BF988776}: NameServer = 10.1.1.1,10.1.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (file missing)
O20 - AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll c:\progra~3\assist~1\assist~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programy\Hamachi\hamachi-2.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - QIP.ru - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service2 - Unknown owner - C:\Windows\System32\SUPDSvc2.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 16211 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
"C:\Windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
"C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
"C:\Program Files (x86)\RelevantKnowledge\rlservice.exe" /service
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe"
D:\Programy\Hamachi\hamachi-2.exe -s
taskeng.exe {E5799821-ABEF-45F2-BC95-32086A48C426}
D:\Programy\Hamachi\LMIGuardianSvc /escort 2024 /CUSTOM Hamachi
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" /PROTECT
C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -boot
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"C:\Program Files (x86)\WakeWorker\WakeWorker.exe" -h
"C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Users\Barzul\AppData\Local\FilesFrog Update Checker\update_checker.exe" /auto
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
HydraDM64.exe -h:65996 "Maximalizovat na celou plochu" "Maximalizovat k rohům okna" "Obnovit pracovní plochu"
szndesktop.exe default start
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
"C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
"C:\Users\Barzul\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"D:\Programy\Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
\??\C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\inf\msbkiiku\msbkiiku.exe -o stratum+tcp://mint.bitminter.com:3333 -u simmoun_fluffer -p fartbart
\??\C:\Windows\system32\conhost.exe
D:\Programy\Hamachi\LMIGuardianSvc /escort 3404 /CUSTOM Hamachi
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\PROGRA~2\RELEVA~1\rlvknlg64.exe" 3296
"C:\PROGRA~2\RELEVA~1\rlvknlg32.exe" 3296
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash4288.5B988BD8.32182 --host-broker-channel=Flash4288.5B988BD8.32441 --host-pid=4288 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=196.0038F704.1535846328 --proxy-stub-channel=Flash4288.5B988BD8.32182 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Users\Barzul\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Barzul\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\schedule!3036567561.job - C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini"
=========Mozilla firefox=========
ProfilePath - C:\Users\Barzul\AppData\Roaming\Mozilla\Firefox\Profiles\nwue31ta.default
prefs.js - "browser.startup.homepage" - "http://search.gboxapp.com/"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.138.0]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
C:\Users\Barzul\AppData\Roaming\Mozilla\Firefox\Profiles\nwue31ta.default\extensions\
5101108e618d3@5101108e6190c.com
510110aab1ca0@510110aab1ce7.com
8mrpwvb@gmjgrb.edu
bibqKNV@n.com
iuuaoamj@ieaaeuaa.org
O4y46@w9V.edu
oOHdupOR@asH.net
P@vRQm.org
selZr9@A.edu
{ea614400-e918-4741-9a97-7a972ff7c30b}
C:\Users\Barzul\AppData\Roaming\Mozilla\Firefox\Profiles\nwue31ta.default\searchplugins\
babylon.xml
qip-search.xml
WebSearch.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{063099b3-839f-40f9-84cd-59ccc8435d52}]
EnjoyCouupon - C:\ProgramData\EnjoyCouupon\XEauvlyIWUu8uz.x64.dll [2014-09-17 698880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ef263be-ec1f-4007-86a1-8a60e2775c58}]
NewuSaavear - C:\ProgramData\NewuSaavear\fP2Qd4gDzRxSp7.x64.dll [2014-09-18 696832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48fe832b-80dc-4904-8c1d-8e20a983ee45}]
BeistSaveForYYOu - C:\ProgramData\BeistSaveForYYOu\lz8umSXA37dUlM.x64.dll [2014-09-18 696832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-24 553384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA943030-EB9C-FB3F-EC5F-636301E78C03}]
CooupEXttennsiono - C:\ProgramData\CooupEXttennsiono\s0.x64.dll [2014-03-24 474112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3f7de44-9ee5-45d8-b96f-bbb3703caaed}]
NewSAAver - C:\ProgramData\NewSAAver\ssnjsL44iCncq6.x64.dll [2014-09-19 703488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-24 210856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9fbab32-7718-44f1-b5d1-9885896df141}]
FiindBestDEal - C:\ProgramData\FiindBestDEal\kIWotiqaQV6h6i.x64.dll [2014-09-18 696832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2013-09-11 241448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{063099b3-839f-40f9-84cd-59ccc8435d52}]
EnjoyCouupon - C:\ProgramData\EnjoyCouupon\XEauvlyIWUu8uz.dll [2014-09-17 618496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ef263be-ec1f-4007-86a1-8a60e2775c58}]
NewuSaavear - C:\ProgramData\NewuSaavear\fP2Qd4gDzRxSp7.dll [2014-09-18 616960]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461137}]
Deals Plugin - C:\Program Files (x86)\Deals Plugin\Deals Plugin.dll [2012-12-12 617344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C66EFA0-BE27-D4E6-9998-6B18EBF8AF05}]
Bcool - C:\ProgramData\Bcool\5101108e61a63.dll [2013-01-24 120832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48fe832b-80dc-4904-8c1d-8e20a983ee45}]
BeistSaveForYYOu - C:\ProgramData\BeistSaveForYYOu\lz8umSXA37dUlM.dll [2014-09-18 617984]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2012-11-26 50800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{923BF462-5E19-AE09-D433-375F9C565A25}]
BrowSoe2asaaveey - C:\ProgramData\BrowSoe2asaaveey\516287f4bb57b.dll [2013-04-08 118272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}]
Smiley Bar for Facebook - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll [2012-11-04 358400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-10-19 142288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll [2013-05-21 1991344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA943030-EB9C-FB3F-EC5F-636301E78C03}]
CooupEXttennsiono - C:\ProgramData\CooupEXttennsiono\s0.dll [2014-03-24 425472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb184e6d-26d1-461a-9226-b93ca8da2af9}]
SpecialSavings.Addon - C:\Windows\system32\mscoree.dll [2010-11-21 444752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3f7de44-9ee5-45d8-b96f-bbb3703caaed}]
NewSAAver - C:\ProgramData\NewSAAver\ssnjsL44iCncq6.dll [2014-09-19 624640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9fbab32-7718-44f1-b5d1-9885896df141}]
FiindBestDEal - C:\ProgramData\FiindBestDEal\kIWotiqaQV6h6i.dll [2014-09-18 617984]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA3AC07-1D30-9C2D-30A8-60EA5CBEFEE1}]
Search-NewTab - C:\ProgramData\Search-NewTab\510110aab1e41.dll [2013-01-24 120832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll [2013-05-21 1991344]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll [2013-09-11 696000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-06-04 3456080]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-08-28 3671904]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"AdobeBridge"= []
"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2010-09-30 393216]
"WakeWorker"=C:\Program Files (x86)\WakeWorker\WakeWorker.exe [2012-11-27 689152]
"GarminExpressTrayApp"=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [2013-03-27 1098072]
"winupdater"=C:\Windupdt\winupdate.exe [2013-07-22 707072]
"cz.seznam.software.autoupdate"=C:\Users\Barzul\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Barzul\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"SDP"=C:\Users\Barzul\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-01-31 201808]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-12-11 1564528]
"KiesAirMessage"=C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2012-11-26 8376944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2012\qip.exe [2012-11-26 8376944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Barzul\AppData\Roaming\QipGuard\QipGuard.exe [2012-11-26 417904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"=C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title=CorelDRAW Graphics Suite 12 /date=112012 serial=DR12CCC-3287012-UQD lang=CZ []
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2013-05-21 1226928]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2012-10-04 115032]
"Sweetpacks Communicator"=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-08-15 231768]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"mskwbkSrv"=C:\Windows\inf\mskwbk.vbe [2013-08-27 1558]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-12-11 311152]
"LogMeIn Hamachi Ui"=D:\Programy\Hamachi\hamachi-2-ui.exe [2014-09-04 3802448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\assist~1\assist~2.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe"="C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe"="C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.FPS1"=frapsv64.dll
"VIDC.RTV1"=rtvcvfw64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-09-22 08:22:21 ----D---- C:\rsit
2014-09-22 08:22:21 ----D---- C:\Program Files\trend micro
2014-09-19 08:36:13 ----D---- C:\ProgramData\AdPunisher
2014-09-19 08:16:17 ----D---- C:\ProgramData\NewSAAver
2014-09-18 21:38:28 ----D---- C:\ProgramData\NewuSaavear
2014-09-18 13:19:17 ----D---- C:\ProgramData\BeistSaveForYYOu
2014-09-18 13:17:54 ----D---- C:\ProgramData\FiindBestDEal
2014-09-17 12:28:21 ----D---- C:\ProgramData\EnjoyCouupon
======List of files/folders modified in the last 1 month======
2014-09-22 08:27:22 ----D---- C:\Windows\Temp
2014-09-22 08:22:21 ----RD---- C:\Program Files
2014-09-22 07:28:34 ----D---- C:\Users\Barzul\AppData\Roaming\Seznam.cz
2014-09-22 07:26:09 ----D---- C:\Program Files (x86)\Opera
2014-09-22 07:20:55 ----D---- C:\Windows\system32\Tasks
2014-09-22 01:15:24 ----D---- C:\Users\Barzul\AppData\Roaming\Skype
2014-09-21 19:52:29 ----D---- C:\Windows\system32\drivers
2014-09-20 01:57:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-09-20 01:56:17 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 12:53:24 ----D---- C:\Program Files (x86)\RelevantKnowledge
2014-09-19 12:24:46 ----RD---- C:\Program Files (x86)
2014-09-19 08:36:13 ----HD---- C:\ProgramData
2014-09-19 08:17:17 ----D---- C:\ProgramData\dc7411fa979e07e2
2014-09-18 04:45:53 ----SHD---- C:\Windows\Installer
2014-09-17 13:31:29 ----D---- C:\Windows\SysWOW64
2014-09-17 13:31:27 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-09-17 12:28:26 ----D---- C:\Windows\Prefetch
2014-09-17 12:12:16 ----RD---- C:\Program Files (x86)\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-05-21 45856]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-05 283200]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-09-14 20544]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RTCore64;RTCore64; \??\D:\Programy\MSI afterburner\RTCore64.sys [2012-11-19 13368]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 699fd52f;Assistant; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 BitGuard;BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-11-18 3780064]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Programy\Hamachi\hamachi-2.exe [2014-09-04 2525008]
R2 IBUpdaterService;Updater Service; C:\ProgramData\IBUpdaterService\ibsvc.exe [2013-01-23 621976]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-09-14 76888]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2012-11-26 417904]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [2013-08-17 186136]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-17 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-19 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Samsung UPD Service2;Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [2012-04-06 158208]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-11-06 758224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Přikládám RSIT report.
Díky za každou radu
Logfile of random's system information tool 1.10 (written by random/random)
Run by Barzul at 2014-09-22 08:27:21
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 13 GB (26%) free of 50 GB
Total RAM: 4094 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:27:23, on 22.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\WakeWorker\WakeWorker.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Barzul\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\Barzul\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
D:\Programy\Hamachi\hamachi-2-ui.exe
C:\Windows\inf\msbkiiku\msbkiiku.exe
C:\PROGRA~2\RELEVA~1\rlvknlg32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Barzul.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: EnjoyCouupon - {063099b3-839f-40f9-84cd-59ccc8435d52} - C:\ProgramData\EnjoyCouupon\XEauvlyIWUu8uz.dll
O2 - BHO: NewuSaavear - {0ef263be-ec1f-4007-86a1-8a60e2775c58} - C:\ProgramData\NewuSaavear\fP2Qd4gDzRxSp7.dll
O2 - BHO: CrossriderApp0004637 - {11111111-1111-1111-1111-110011461137} - C:\Program Files (x86)\Deals Plugin\Deals Plugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bcool - {3C66EFA0-BE27-D4E6-9998-6B18EBF8AF05} - C:\ProgramData\Bcool\5101108e61a63.dll
O2 - BHO: BeistSaveForYYOu - {48fe832b-80dc-4904-8c1d-8e20a983ee45} - C:\ProgramData\BeistSaveForYYOu\lz8umSXA37dUlM.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: BrowSoe2asaaveey - {923BF462-5E19-AE09-D433-375F9C565A25} - C:\ProgramData\BrowSoe2asaaveey\516287f4bb57b.dll
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: CooupEXttennsiono - {AA943030-EB9C-FB3F-EC5F-636301E78C03} - C:\ProgramData\CooupEXttennsiono\s0.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SpecialSavings.Addon - {bb184e6d-26d1-461a-9226-b93ca8da2af9} - mscoree.dll (file missing)
O2 - BHO: NewSAAver - {d3f7de44-9ee5-45d8-b96f-bbb3703caaed} - C:\ProgramData\NewSAAver\ssnjsL44iCncq6.dll
O2 - BHO: FiindBestDEal - {e9fbab32-7718-44f1-b5d1-9885896df141} - C:\ProgramData\FiindBestDEal\kIWotiqaQV6h6i.dll
O2 - BHO: Search-NewTab - {EBA3AC07-1D30-9C2D-30A8-60EA5CBEFEE1} - C:\ProgramData\Search-NewTab\510110aab1e41.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=112012 serial=DR12CCC-3287012-UQD lang=CZ
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [mskwbkSrv] C:\Windows\inf\mskwbk.vbe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Programy\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [WakeWorker] C:\Program Files (x86)\WakeWorker\WakeWorker.exe -h
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [winupdater] C:\Windupdt\winupdate.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Barzul\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Barzul\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SDP] C:\Users\Barzul\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E77F9C4D-6929-425E-8C79-7BB8BF988776}: NameServer = 10.1.1.1,10.1.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (file missing)
O20 - AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\bitguard.dll c:\progra~3\assist~1\assist~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BitGuard - Unknown owner - C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programy\Hamachi\hamachi-2.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QipGuard - QIP.ru - C:\Program Files (x86)\QipGuard\QipGuard.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service2 - Unknown owner - C:\Windows\System32\SUPDSvc2.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 16211 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
"C:\Windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
"C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\QipGuard\QipGuard.exe"
"C:\Program Files (x86)\RelevantKnowledge\rlservice.exe" /service
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe"
D:\Programy\Hamachi\hamachi-2.exe -s
taskeng.exe {E5799821-ABEF-45F2-BC95-32086A48C426}
D:\Programy\Hamachi\LMIGuardianSvc /escort 2024 /CUSTOM Hamachi
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe" /PROTECT
C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -boot
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
"C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
"C:\Program Files (x86)\WakeWorker\WakeWorker.exe" -h
"C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Users\Barzul\AppData\Local\FilesFrog Update Checker\update_checker.exe" /auto
"C:\Program Files (x86)\Samsung\Kies\Kies.exe" /preload
HydraDM64.exe -h:65996 "Maximalizovat na celou plochu" "Maximalizovat k rohům okna" "Obnovit pracovní plochu"
szndesktop.exe default start
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
"C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe"
"C:\Users\Barzul\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"D:\Programy\Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
\??\C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\inf\msbkiiku\msbkiiku.exe -o stratum+tcp://mint.bitminter.com:3333 -u simmoun_fluffer -p fartbart
\??\C:\Windows\system32\conhost.exe
D:\Programy\Hamachi\LMIGuardianSvc /escort 3404 /CUSTOM Hamachi
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\PROGRA~2\RELEVA~1\rlvknlg64.exe" 3296
"C:\PROGRA~2\RELEVA~1\rlvknlg32.exe" 3296
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --proxy-stub-channel=Flash4288.5B988BD8.32182 --host-broker-channel=Flash4288.5B988BD8.32441 --host-pid=4288 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe" --channel=196.0038F704.1535846328 --proxy-stub-channel=Flash4288.5B988BD8.32182 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Users\Barzul\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Barzul\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\schedule!3036567561.job - C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini"
=========Mozilla firefox=========
ProfilePath - C:\Users\Barzul\AppData\Roaming\Mozilla\Firefox\Profiles\nwue31ta.default
prefs.js - "browser.startup.homepage" - "http://search.gboxapp.com/"
prefs.js - "keyword.URL" - "http://search.qip.ru/search?from=FF&query="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.138.0]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}
C:\Users\Barzul\AppData\Roaming\Mozilla\Firefox\Profiles\nwue31ta.default\extensions\
5101108e618d3@5101108e6190c.com
510110aab1ca0@510110aab1ce7.com
8mrpwvb@gmjgrb.edu
bibqKNV@n.com
iuuaoamj@ieaaeuaa.org
O4y46@w9V.edu
oOHdupOR@asH.net
P@vRQm.org
selZr9@A.edu
{ea614400-e918-4741-9a97-7a972ff7c30b}
C:\Users\Barzul\AppData\Roaming\Mozilla\Firefox\Profiles\nwue31ta.default\searchplugins\
babylon.xml
qip-search.xml
WebSearch.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{063099b3-839f-40f9-84cd-59ccc8435d52}]
EnjoyCouupon - C:\ProgramData\EnjoyCouupon\XEauvlyIWUu8uz.x64.dll [2014-09-17 698880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ef263be-ec1f-4007-86a1-8a60e2775c58}]
NewuSaavear - C:\ProgramData\NewuSaavear\fP2Qd4gDzRxSp7.x64.dll [2014-09-18 696832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48fe832b-80dc-4904-8c1d-8e20a983ee45}]
BeistSaveForYYOu - C:\ProgramData\BeistSaveForYYOu\lz8umSXA37dUlM.x64.dll [2014-09-18 696832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-24 553384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA943030-EB9C-FB3F-EC5F-636301E78C03}]
CooupEXttennsiono - C:\ProgramData\CooupEXttennsiono\s0.x64.dll [2014-03-24 474112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3f7de44-9ee5-45d8-b96f-bbb3703caaed}]
NewSAAver - C:\ProgramData\NewSAAver\ssnjsL44iCncq6.x64.dll [2014-09-19 703488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-24 210856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9fbab32-7718-44f1-b5d1-9885896df141}]
FiindBestDEal - C:\ProgramData\FiindBestDEal\kIWotiqaQV6h6i.x64.dll [2014-09-18 696832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2013-09-11 241448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{063099b3-839f-40f9-84cd-59ccc8435d52}]
EnjoyCouupon - C:\ProgramData\EnjoyCouupon\XEauvlyIWUu8uz.dll [2014-09-17 618496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ef263be-ec1f-4007-86a1-8a60e2775c58}]
NewuSaavear - C:\ProgramData\NewuSaavear\fP2Qd4gDzRxSp7.dll [2014-09-18 616960]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461137}]
Deals Plugin - C:\Program Files (x86)\Deals Plugin\Deals Plugin.dll [2012-12-12 617344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C66EFA0-BE27-D4E6-9998-6B18EBF8AF05}]
Bcool - C:\ProgramData\Bcool\5101108e61a63.dll [2013-01-24 120832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48fe832b-80dc-4904-8c1d-8e20a983ee45}]
BeistSaveForYYOu - C:\ProgramData\BeistSaveForYYOu\lz8umSXA37dUlM.dll [2014-09-18 617984]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll [2012-11-26 50800]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{923BF462-5E19-AE09-D433-375F9C565A25}]
BrowSoe2asaaveey - C:\ProgramData\BrowSoe2asaaveey\516287f4bb57b.dll [2013-04-08 118272]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}]
Smiley Bar for Facebook - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll [2012-11-04 358400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Barzul\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-10-19 142288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll [2013-05-21 1991344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA943030-EB9C-FB3F-EC5F-636301E78C03}]
CooupEXttennsiono - C:\ProgramData\CooupEXttennsiono\s0.dll [2014-03-24 425472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb184e6d-26d1-461a-9226-b93ca8da2af9}]
SpecialSavings.Addon - C:\Windows\system32\mscoree.dll [2010-11-21 444752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d3f7de44-9ee5-45d8-b96f-bbb3703caaed}]
NewSAAver - C:\ProgramData\NewSAAver\ssnjsL44iCncq6.dll [2014-09-19 624640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9fbab32-7718-44f1-b5d1-9885896df141}]
FiindBestDEal - C:\ProgramData\FiindBestDEal\kIWotiqaQV6h6i.dll [2014-09-18 617984]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBA3AC07-1D30-9C2D-30A8-60EA5CBEFEE1}]
Search-NewTab - C:\ProgramData\Search-NewTab\510110aab1e41.dll [2013-01-24 120832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetPacks Browser Helper - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll [2013-05-21 1991344]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetPacks Toolbar for Internet Explorer - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04 1310040]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll [2013-09-11 696000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-06-04 3456080]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-08-28 3671904]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"AdobeBridge"= []
"HydraVisionDesktopManager"=C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [2010-09-30 393216]
"WakeWorker"=C:\Program Files (x86)\WakeWorker\WakeWorker.exe [2012-11-27 689152]
"GarminExpressTrayApp"=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [2013-03-27 1098072]
"winupdater"=C:\Windupdt\winupdate.exe [2013-07-22 707072]
"cz.seznam.software.autoupdate"=C:\Users\Barzul\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Barzul\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"SDP"=C:\Users\Barzul\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-01-31 201808]
"KiesPreload"=C:\Program Files (x86)\Samsung\Kies\Kies.exe [2013-12-11 1564528]
"KiesAirMessage"=C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup []
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2012-11-26 8376944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files (x86)\QIP 2012\qip.exe [2012-11-26 8376944]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian]
C:\Users\Barzul\AppData\Roaming\QipGuard\QipGuard.exe [2012-11-26 417904]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"CorelDRAW Graphics Suite 11b"=C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title=CorelDRAW Graphics Suite 12 /date=112012 serial=DR12CCC-3287012-UQD lang=CZ []
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2013-05-21 1226928]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [2012-10-04 115032]
"Sweetpacks Communicator"=C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [2012-08-15 231768]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"mskwbkSrv"=C:\Windows\inf\mskwbk.vbe [2013-08-27 1558]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2013-12-11 311152]
"LogMeIn Hamachi Ui"=D:\Programy\Hamachi\hamachi-2-ui.exe [2014-09-04 3802448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\assist~1\assist~2.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe"="C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe"="C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.FPS1"=frapsv64.dll
"VIDC.RTV1"=rtvcvfw64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.mjpg"=bdmjpeg64.dll
"vidc.mpeg"=bdmpegv64.dll
"msacm.bdmpeg"=bdmpega64.acm
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-09-22 08:22:21 ----D---- C:\rsit
2014-09-22 08:22:21 ----D---- C:\Program Files\trend micro
2014-09-19 08:36:13 ----D---- C:\ProgramData\AdPunisher
2014-09-19 08:16:17 ----D---- C:\ProgramData\NewSAAver
2014-09-18 21:38:28 ----D---- C:\ProgramData\NewuSaavear
2014-09-18 13:19:17 ----D---- C:\ProgramData\BeistSaveForYYOu
2014-09-18 13:17:54 ----D---- C:\ProgramData\FiindBestDEal
2014-09-17 12:28:21 ----D---- C:\ProgramData\EnjoyCouupon
======List of files/folders modified in the last 1 month======
2014-09-22 08:27:22 ----D---- C:\Windows\Temp
2014-09-22 08:22:21 ----RD---- C:\Program Files
2014-09-22 07:28:34 ----D---- C:\Users\Barzul\AppData\Roaming\Seznam.cz
2014-09-22 07:26:09 ----D---- C:\Program Files (x86)\Opera
2014-09-22 07:20:55 ----D---- C:\Windows\system32\Tasks
2014-09-22 01:15:24 ----D---- C:\Users\Barzul\AppData\Roaming\Skype
2014-09-21 19:52:29 ----D---- C:\Windows\system32\drivers
2014-09-20 01:57:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-09-20 01:56:17 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 12:53:24 ----D---- C:\Program Files (x86)\RelevantKnowledge
2014-09-19 12:24:46 ----RD---- C:\Program Files (x86)
2014-09-19 08:36:13 ----HD---- C:\ProgramData
2014-09-19 08:17:17 ----D---- C:\ProgramData\dc7411fa979e07e2
2014-09-18 04:45:53 ----SHD---- C:\Windows\Installer
2014-09-17 13:31:29 ----D---- C:\Windows\SysWOW64
2014-09-17 13:31:27 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-09-17 12:28:26 ----D---- C:\Windows\Prefetch
2014-09-17 12:12:16 ----RD---- C:\Program Files (x86)\Skype
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-05-21 45856]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-05 283200]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-09-14 20544]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RTCore64;RTCore64; \??\D:\Programy\MSI afterburner\RTCore64.sys [2012-11-19 13368]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 699fd52f;Assistant; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 BitGuard;BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-11-18 3780064]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-27 185688]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Programy\Hamachi\hamachi-2.exe [2014-09-04 2525008]
R2 IBUpdaterService;Updater Service; C:\ProgramData\IBUpdaterService\ibsvc.exe [2013-01-23 621976]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-09-14 76888]
R2 QipGuard;QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [2012-11-26 417904]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RelevantKnowledge;RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [2013-08-17 186136]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-17 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-16 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-19 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Samsung UPD Service2;Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [2012-04-06 158208]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-11-06 758224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
