Help, suspected keylogger

Posted: 03 Jan 2015 15:59
by jon
Hello, I would need some advice. I suspect a keylogger or other malware on my PC, so if you could take a look at it :)

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jon at 2015-01-03 15:21:53
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 713 MB (2%) free of 39 GB
Total RAM: 4094 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:22:10, on 3. 1. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NTI\NTI Digital Flix 2.5.0.5\MediaDetector.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Jon\AppData\Roaming\SkypEmoticons\se-i.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchfix.info/?unqvl= ... 2015/01/03
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchfix.info/?unqvl= ... 2015/01/03
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files (x86)\NTI\NTI Digital Flix 2.5.0.5\MediaDetector.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [{ceca424e-2d49-4406-b1ff-b570a1a2933a}] "E:\extra\MinerWars_01_078_019_Setup.exe" /cmdloc "HKCU\Software\Keen Software House AiTemp\{ceca424e-2d49-4406-b1ff-b570a1a2933a}"
O4 - HKCU\..\Run: [Steam] "F:\Adele - 21 (2011)\Steam.exe" -silent
O4 - HKCU\..\Run: [LightShot] C:\Users\Jon\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SE] C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11548 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=5779e40b-f6e6-4c32-a5d8-361d02bb6244 /coreSdkOptions=286 /logConfFile="C:\ProgramData\AVG2012\temp\b25db73b-db0d-455d-a989-34269f31431e-164-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AVG\AVG2012\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe"
"C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
\??\C:\Windows\system32\conhost.exe "1427786436-15284276425427465631154970697-841050183-1365588855-745848270293761542
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe"
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=7eb67f2d-92a6-4d7e-8e72-5e198280a031 /coreSdkOptions=18 /logConfFile="C:\ProgramData\AVG2012\temp\9c75cf66-a028-466d-9621-3940b39d5c62-bf0-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\NTI\NTI Digital Flix 2.5.0.5\MediaDetector.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
C:\Windows\system32\svchost.exe -k imgsvc

"C:\Users\Jon\AppData\Roaming\SkypEmoticons\se-i.exe" --install --silent
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"
/SCANCFG:1 /SCANTYPE:2
\??\C:\Windows\system32\conhost.exe "308069210-483153811486842810-10184594972502226641244141580-1818302746-1126098993
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=efd31747-7cc2-4f35-8ce0-ff456fe7021f /coreSdkOptions=0 /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /dataPath="C:\ProgramData\AVG2012\"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4820.0.592612277\1586748158" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,17,38 --gpu-vendor-id=0x1002 --gpu-device-id=0x6739 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.782.0.0 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderMulti/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4820.2.1834120784\511077995" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4820.7.1883923390\701005802" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4820.11.818817190\777623261" --ppapi-flash-args=enable_hw_video_decode=1 --lang=sk --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4820.14.1961526849\1116744064" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4820.17.1445732985\552024464" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=sk --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/ControlEnforce/ExtensionInstallVerification/None/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/On/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4820.19.141531415\1195018054" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"F:\AIRFARE - Youngblood (CZ 2011)\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job - C:\Windows\TEMP\{B24E2E81-A3CF-4E51-B85A-5CB28E14E126}.exe --uninstall=1
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job - C:\Windows\TEMP\{66EDE0BB-17EF-4902-AAC7-B14B11F7FF50}.exe --uninstall=1
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\ROC_JAN2013_TB_rmv.job - C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe --uninstall=1
C:\Windows\tasks\update-S-1-5-21-1307865180-2603659505-664786951-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate

=========Mozilla firefox=========

ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default

prefs.js - "browser.search.useDBForOrder" - "false"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\extensions\
battlefieldplay4free@ea.com
IY@mGg7o.edu

C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\searchplugins\
buenosearch.xml
WebSearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30cb740c-a705-4412-8508-10c597fa7fe4}]
uniesaLes - C:\Program Files (x86)\uniesaLes\TNBDGaqEC9WrPN.x64.dll [2015-01-03 706560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-10-15 1393272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [2012-10-15 1968248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-10-15 938104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2012-10-15 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll [2014-08-25 3627032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-07-07 1152776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-07-07 1152776]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll [2014-08-25 3627032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"=C:\Program Files (x86)\NTI\NTI Digital Flix 2.5.0.5\MediaDetector.exe [2007-11-30 282624]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-06-16 2736128]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]
"{ceca424e-2d49-4406-b1ff-b570a1a2933a}"=E:\extra\MinerWars_01_078_019_Setup.exe /cmdloc HKCU\Software\Keen Software House AiTemp\{ceca424e-2d49-4406-b1ff-b570a1a2933a} []
"Steam"=F:\Adele - 21 (2011)\Steam.exe [2014-08-13 1937600]
"LightShot"=C:\Users\Jon\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue []
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24 21650016]
"SE"=C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe /minimized []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2012-11-19 2598520]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2014-08-25 2640408]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
TP-LINK Wireless Configuration Utility.lnk - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-01-03 15:21:55 ----D---- C:\Program Files\trend micro
2015-01-03 15:21:53 ----D---- C:\rsit
2015-01-03 14:56:37 ----D---- C:\Users\Jon\AppData\Roaming\SkypEmoticons
2015-01-03 14:53:43 ----D---- C:\Program Files (x86)\uniesaLes
2015-01-03 14:53:15 ----D---- C:\ProgramData\8128916696462073868
2015-01-03 14:53:15 ----D---- C:\Program Files (x86)\Unisales
2015-01-03 14:52:30 ----D---- C:\ProgramData\ehdjmmclmiaofeiecfenjfcoijnaiolk
2014-12-23 12:12:04 ----D---- C:\Users\Jon\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-12-23 12:12:04 ----D---- C:\Users\Jon\AppData\Roaming\Adobe Mini Bridge CS5
2014-12-23 12:05:56 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2014-12-23 12:04:09 ----D---- C:\Program Files\Common Files\Adobe
2014-12-23 12:02:53 ----D---- C:\Program Files (x86)\Adobe Media Player
2014-12-23 11:58:51 ----D---- C:\ProgramData\Adobe
2014-12-18 17:18:59 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-12-18 17:18:59 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-10 17:50:02 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-10 17:50:01 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-10 17:49:51 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-10 17:49:51 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-10 17:49:51 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-12-10 17:49:51 ----A---- C:\Windows\system32\iernonce.dll
2014-12-10 17:49:51 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-12-10 17:49:51 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-12-10 17:49:51 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-10 17:49:50 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-10 17:49:50 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-10 17:49:50 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-10 17:49:50 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-12-10 17:49:50 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-10 17:49:50 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-10 17:49:50 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 17:49:48 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-10 17:49:48 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-12-10 17:49:47 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-10 17:49:47 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-12-10 17:49:47 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-10 17:49:47 ----A---- C:\Windows\system32\urlmon.dll
2014-12-10 17:49:47 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 17:49:47 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-10 17:49:46 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-12-10 17:49:46 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-10 17:49:46 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 17:49:46 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-10 17:49:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-10 17:49:45 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-10 17:49:44 ----A---- C:\Windows\system32\iesetup.dll
2014-12-10 17:49:44 ----A---- C:\Windows\system32\ieapfltr.dll
2014-12-10 17:49:42 ----A---- C:\Windows\system32\iertutil.dll
2014-12-10 17:49:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-12-10 17:49:41 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-12-10 17:49:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-10 17:49:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-10 17:49:40 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-10 17:49:40 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-12-10 17:49:40 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-10 17:49:39 ----A---- C:\Windows\system32\ieui.dll
2014-12-10 17:49:39 ----A---- C:\Windows\system32\ieframe.dll
2014-12-10 17:49:39 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-10 17:49:38 ----A---- C:\Windows\system32\vbscript.dll
2014-12-10 17:49:38 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-12-10 17:49:38 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-10 17:49:38 ----A---- C:\Windows\system32\jscript9diag.dll
2014-12-10 17:49:38 ----A---- C:\Windows\system32\jscript9.dll
2014-12-10 17:49:37 ----A---- C:\Windows\system32\wininet.dll
2014-12-10 17:49:37 ----A---- C:\Windows\system32\msrating.dll
2014-12-10 17:49:37 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-12-10 17:49:35 ----A---- C:\Windows\system32\mshtml.dll
2014-12-09 20:38:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

======List of files/folders modified in the last 1 month======

2015-01-03 15:22:08 ----D---- C:\Windows\Temp
2015-01-03 15:21:55 ----RD---- C:\Program Files
2015-01-03 15:01:22 ----RD---- C:\Program Files (x86)
2015-01-03 15:01:10 ----D---- C:\Users\Jon\AppData\Roaming\Skype
2015-01-03 15:00:51 ----D---- C:\Windows\system32\Tasks
2015-01-03 15:00:27 ----D---- C:\Windows\SysWOW64
2015-01-03 14:53:15 ----HD---- C:\ProgramData
2015-01-03 14:49:14 ----D---- C:\Windows\Prefetch
2015-01-03 14:07:20 ----RSD---- C:\Windows\Fonts
2015-01-03 12:56:52 ----D---- C:\Windows\system32\config
2015-01-03 12:44:26 ----D---- C:\Windows\system32\drivers\AVG
2015-01-03 12:44:22 ----SHD---- C:\System Volume Information
2014-12-31 13:17:27 ----D---- C:\Users\Jon\AppData\Roaming\Adobe
2014-12-23 12:12:25 ----D---- C:\Windows\winsxs
2014-12-23 12:04:09 ----D---- C:\Program Files\Common Files
2014-12-23 12:03:50 ----SHD---- C:\Windows\Installer
2014-12-23 12:00:23 ----D---- C:\Program Files (x86)\Common Files
2014-12-21 16:21:07 ----D---- C:\Program Files (x86)\Battle.net
2014-12-20 22:13:57 ----D---- C:\Windows\system32\catroot2
2014-12-18 21:48:22 ----D---- C:\Windows\System32
2014-12-18 17:16:22 ----D---- C:\Windows\system32\catroot
2014-12-11 18:19:01 ----D---- C:\Program Files\Internet Explorer
2014-12-11 18:19:00 ----D---- C:\Windows\SYSWOW64\sk-SK
2014-12-11 18:19:00 ----D---- C:\Windows\SYSWOW64\en-US
2014-12-11 18:18:57 ----D---- C:\Windows\system32\sk-SK
2014-12-11 18:18:57 ----D---- C:\Windows\system32\en-US
2014-12-11 18:18:57 ----D---- C:\Windows\PolicyDefinitions
2014-12-11 18:18:53 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-09 20:38:42 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-11-04 384800]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-08-11 50976]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-15 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 7883264]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-29 285696]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-12-03 1918976]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2010-04-20 18432]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2010-07-09 17408]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-29 203264]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2014-11-04 2322000]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-04-04 75136]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-08-11 1820184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-01-30 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-05 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-08-13 833728]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-30 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Help, suspected keylogger

Posted: 03 Jan 2015 16:03
by Márty84
Hello :)

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator.
Tick the options (check the boxes) All Users, "LOP" check and "Purity" check.
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click the Scan button.
After the scan, two logs will be created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).

Re: Help, suspected keylogger

Posted: 03 Jan 2015 18:10
by Márty84
And precisely because they are long, the instructions say to split them across several posts :boxed:

:???: What about the legality of the system? Ultimate is not exactly a common home edition :?:

:arrow: Run a scan with MBAM. Set up the scan according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Do not delete anything beforehand; it occasionally gives false detections.

Re: Help, suspected keylogger

Posted: 03 Jan 2015 22:30
by jon
here is the log :P


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3. 1. 2015
Scan Time: 18:57:20
Logfile: log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.03.07
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jon

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 644463
Time Elapsed: 3 hr, 4 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.Babylon.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c93ac52ebecb3006f87c657ac43e956b],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{828DC97A-2277-4E10-92A9-4907FA0922A9}, , [31d2ca292c5d092d861416053fc45ca4],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{828DC97A-2277-4E10-92A9-4907FA0922A9}, , [31d2ca292c5d092d861416053fc45ca4],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, , [7192a251a6e39d99009993887192738d],
PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, , [7192a251a6e39d99009993887192738d],
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}, , [b053747ff099b1857671220d21df1ee2],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}, , [ad5608ebfd8ca195f91fca35c53c04fc],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [c83b3eb5addc53e33bfd607eab593fc1],
PUP.Optional.PriceGong.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [34cfb83b771274c2dcf8cd9cba4920e0],
PUP.Optional.Softonic.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [838091620683d75fa67388de966d52ae],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [d82b797a0e7b4aec6a6ab0b9e41f45bb],
PUP.Optional.Conduit.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, , [ce3561928bfe71c5f43ce7dbc63e26da],
PUP.Optional.ValueApps.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, , [fa095f941e6b71c51b02e0c726dd0ff1],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [b54e965d2a5f3bfbfce0c604d430e31d],

Registry Values: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [cb38d3208108f343e490d40c1fe52ad6]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [7d86c92a2e5bcf678d508446c440e21e]

Registry Data: 2
PUP.Optional.SearchFix.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchfix.info/?unqvl= ... 2015/01/03, Good: (www.google.com), Bad: (http://websearch.searchfix.info/?unqvl= ... 2015/01/03),,[ef1449aaa9e0e3535ad94d2efb0af40c]
PUP.Optional.SearchFix.A, HKU\S-1-5-21-1307865180-2603659505-664786951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchfix.info/?unqvl= ... 2015/01/03, Good: (www.google.com), Bad: (http://websearch.searchfix.info/?unqvl= ... 2015/01/03),,[63a0ca294a3f3bfb23117704d92cbc44]

Folders: 4
PUP.Optional.PriceGong.A, C:\Users\Jon\AppData\LocalLow\PriceGong, , [6c977281b7d260d6fd387eb2a55e05fb],
PUP.Optional.PriceGong.A, C:\Users\Jon\AppData\LocalLow\PriceGong\Data, , [6c977281b7d260d6fd387eb2a55e05fb],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps, , [897af003e0a9af873258989a897aba46],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682, , [897af003e0a9af873258989a897aba46],

Files: 72
PUP.Optional.Conduit, C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll, , [b053747ff099b1857671220d21df1ee2],
Trojan.Agent, C:\Program Files (x86)\uniesaLes\TNBDGaqEC9WrPN.exe, , [ad5608ebfd8ca195f91fca35c53c04fc],
Trojan.Agent, C:\Program Files (x86)\Unisales\Unisales.exe, , [d72cd122f099e452db3d0cf31be60df3],
PUP.Optional.BuenoSearch.A, C:\Users\Jon\AppData\Local\Temp\~nsu.tmp\Au_.exe, , [877c2ac9f891f5410ff5bfd923deb947],
PUP.Optional.EZDownloader.A, C:\Users\Jon\AppData\Local\Temp\BFf5\temp\EzDownloader_setup.exe, , [669da94a8cfd5adc4bab170801fff10f],
PUP.Optional.MultiPlug.A, C:\Users\Jon\AppData\Local\Temp\BFf5\temp\fs_sdhp.exe, , [da29d61d0881fc3a4bbb060e37cbcd33],
PUP.Optional.OpenCandy, F:\DTLite4452-0287.exe, , [7093866d642567cf9977119c49bc3ec2],
PUP.Optional.AZLyrics.A, C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, , [768d51a2e5a451e5fec5570ff11238c8],
PUP.Optional.AZLyrics.A, C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, , [df24d0235039e551d5ee3f2736cdfc04],
PUP.Optional.BuenoSearch.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\searchplugins\buenosearch.xml, , [b15270837b0e53e341d1a2faf1126e92],
PUP.Optional.WebSearch.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\searchplugins\WebSearch.xml, , [7c8701f23455c274a15b5a4229da17e9],
PUP.Optional.PriceGong.A, C:\Users\Jon\AppData\LocalLow\PriceGong\Data\mru.xml, , [6c977281b7d260d6fd387eb2a55e05fb],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682\mam_gk_appsConfig.txt, , [897af003e0a9af873258989a897aba46],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682\mam_gk_localization.txt, , [897af003e0a9af873258989a897aba46],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682\mam_gk_settings1.11.4.2.txt, , [897af003e0a9af873258989a897aba46],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682\mam_gk_settings1.11.5.1.txt, , [897af003e0a9af873258989a897aba46],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682\mam_gk_settings1.12.0.5.txt, , [897af003e0a9af873258989a897aba46],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682\mam_gk_settings1.13.0.17.txt, , [897af003e0a9af873258989a897aba46],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682\mam_gk_settings1.14.1.6.txt, , [897af003e0a9af873258989a897aba46],
PUP.Optional.ValueApps.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\valueApps\CT2776682\url_history0001.txt, , [897af003e0a9af873258989a897aba46],
PUP.Optional.SearchFix.A, C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls" : [ "http://websearch.searchfix.info/?unqvl= ... 2015/01/03" ],), ,[867dc82bdfaab2845029cdf151b4ab55]
PUP.Optional.SearchFix.A, C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage" : "http://websearch.searchfix.info/?unqvl= ... 2015/01/03",), ,[689ba3500c7d41f5a6d46f4f8085d22e]
PUP.Optional.Conduit.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (user_pref("CT2776682.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.as ... ource=2&q=");), ,[1ce74ba8a1e8c670bc43a719e61ffc04]
PUP.Optional.Conduit.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (user_pref("CT2776682.CT2776682.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT27766 ... 1&UM=UM_ID\"}");), ,[08fb03f0ee9b3204e4298d34cd38f907]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[18ebcd263455e1550e83ead7c3422fd1]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (ferences

/* Do not edit this file.
*
* If yo), ,[9d66b73ca8e1989ecfc2ba07db2a41bf]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
*
* If you make changes to this file while t), ,[54afc2312069b77f1879576a8085c739]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (e.
*
* If you make changes to this file while the ), ,[6f9420d37019f93d464bbb06c342dc24]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
*
* If you m), ,[8a791cd7aedb55e1751c6b56877e60a0]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (ferences

/* Do not edit this file.
*
* If), ,[f013bd364e3b1323d1c07e43e71e0ef2]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (eferences

/* Do not edit this file.
*
* If ), ,[52b1549f81081b1b9ef3655cfd08f30d]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
*
* If you), ,[e122a251dfaa2511157c6f52c63f669a]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
*
* If you mak), ,[7b88b43f0089e94dabe6c9f8c0458878]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
*
* If you make changes to this file while), ,[9b681bd83554a195d9b8388942c3eb15]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (s file.
*
* If you make changes to this file while the application is r), ,[b053a0533d4c270fc7ca18a9f4118779]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: ( this file.
*
* If you make changes to this file w), ,[e51ef9fa880126104948863b51b47d83]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (ces

/* Do not edit this file.
*
* If you make), ,[ea1945ae632662d468291da40afb9d63]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (ences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will b), ,[17ec21d23950bf77b1e0fec3d1349070]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (e the application is running,
* the changes will be overwritten w), ,[13f0995a12773204bad78c357590fb05]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (not edit this file.
*
* If you make changes to), ,[12f1876c32572a0cd9b817aa8e77639d]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
*
* If you make ), ,[52b139ba85047db99ef3a71a7a8bf40c]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (

/* Do not edit this file.
*
* If you make changes t), ,[b54e4da6dcad7db995fc9031887dbe42]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (
/* Do not edit this file.
*
* If you make ch), ,[5aa90fe429600234c1d06061bd48c53b]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (erences

/* Do not edit this file.
*
* I), ,[01026a893554290d95fce2dfec19e818]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (Preferences

/* Do not edit this file.
*
* If ), ,[6a993eb570194de993fefec330d53dc3]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (ences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten whe), ,[8b78658e4c3d6accaee3635e689d8b75]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: ( is running,
* the changes will be overwritten wh), ,[0ef5a94acebb270fd2bff7ca976eb34d]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (rences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when th), ,[2ed5688b96f342f4f39ee1e0e2239f61]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (unning,
* the changes will be overwritten when the ), ,[a95ad91a96f339fd771a289975907b85]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: (nces

/* Do not edit this file.
*
* If you make changes t), ,[2dd6bc37bfca0234cec39031d134cf31]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\prefs.js, Good: (), Bad: ( Do not edit this file.
*
* If you make changes to), ,[f90a04ef65243402b6db754c25e023dd]
PUP.Optional.BuenoSearch.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTe ... 2&tsp=5229");), ,[798ac033acdde45200b0ae1237cede22]
PUP.Optional.BuenoSearch.A, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (earchTerms}&babsrc=TB_ss&mntrId=F42990F65210FF89&affID=128492&tsp=5229");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q=), ,[4db66093ef9a7abc446cb7093acba35d]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (10FF89&affID=128492&tsp=5229");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTe ... d=F42990F6), ,[6b98856e6623b97deba5368b3bca8080]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (0F65210FF89&affID=128492&tsp=5229");
user_pref("extensions.buenosearch.tb_), ,[51b28e659eeb77bf058b9a272cd9758b]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (l", "http://www.buenosearch.com/?q={searchTe ... 0F65210FF8), ,[22e1a2515336db5beaa6972a2adbbe42]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&m), ,[8e75678c5b2e6cca424ea71ad1343dc3]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (uenosearch.tlbrSrchUrl", "http://www.buenosearch.com/), ,[34cf9162bfca4aec5838f3ced62fd030]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/), ,[2bd8ca2998f1dd596b257d448f767987]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (uenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={search), ,[d42fa84b1277d660a3edb70aa560c63a]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (h.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerms), ,[39caf4ff5c2dcc6a523ea81935d0fe02]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (earch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searc), ,[11f2d91a0c7da39396fafcc50bfa7d83]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (osearch.tlbrSrchUrl", "http://www.buenosearch.com/?), ,[15ee3eb5d8b1b5810e8271507194c040]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (s.buenosearch.tlbrSrchUrl", "http://www.buenosearch.), ,[44bfa54e028793a3b4dc12af976e58a8]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (.buenosearch.tlbrSrchUrl", "http://www.buenosearch.), ,[e71c2fc4dfaa78be365a8e337392df21]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (.buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[cc37ba398ffa3402840c4d745da83fc1]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (ns.buenosearch.tlbrSrchUrl", "http://www.buenosearc), ,[7f84ad46c7c2fc3a2e62546d51b417e9]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (s.buenosearch.tlbrSrchUrl", "http://www.buenosearch.co), ,[e023767d19701125e7a9c5fc48bd6799]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (uenosearch.tlbrSrchUrl", "http://www.buenosearch.), ,[788bca290b7ea78ff29e9130ee179769]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (ons.buenosearch.tlbrSrchUrl", "http://www.buenosearch.), ,[82812dc67712b581078958692bdab44c]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (uenosearch.tlbrSrchUrl", "http://www.buenosearch.c), ,[55aea74c2f5a52e4ccc4edd4887df907]
PUP.Optional.BuenoSearch, C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\882nld3v.default\user.js, Good: (), Bad: (ns.buenosearch.tlbrSrchUrl", "http://www.buenosear), ,[49bac231008943f3286800c147be7a86]

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Help, suspected keylogger

Posted: 04 Jan 2015 02:38
by Márty84
Márty84 wrote: :???: What about the legality of the system? Ultimate isn't exactly a common home edition :?:
Somehow I don't see an answer. I wonder why? :all_coholic:

Re: Help, suspected keylogger

Posted: 04 Jan 2015 12:38
by jon
Thanks a lot for the help, I appreciate it :)

Re: Help, suspected keylogger

Posted: 10 Jan 2015 22:37
by Márty84
The forum rules are clear: http://forum.viry.cz/viewtopic.php?f=12&t=115512
Help CANNOT be given:
2) If the user's machine demonstrably contains illegal host or protective software
(operating system, antivirus, firewall, etc.), the user must be guided to fix this, e.g. by using free software,
and troubleshooting may begin only once the PC is "in order". If the user refuses to accept the rules,
they must be asked to leave the forum and return once they comply.
:42: