
Please check my log

sekicz
Visitor
Posts: 13
Registered: 17 Nov 2013 12:34


#1 Post by sekicz »

Hello, I think I have become the victim of a bitcoin-mining virus. When I don't touch the computer for about a minute and a half, the graphics card suddenly goes to full load. For example, YouTube videos start to stutter, but the sound plays normally. Thank you for any advice.
log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jirka at 2013-11-17 09:53:19
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 65 GB (17%) free of 385 GB
Total RAM: 4094 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:25, on 17.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Users\Jirka\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jirka\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\V0680Mon.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
C:\PROGRA~2\AIMP3\AIMP3.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jirka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [V0680Mon.exe] C:\Windows\V0680Mon.exe
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Norton Ghost 15.0] "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Live! Central 3] "C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
O4 - HKLM\..\Run: [FastAccess Web Alert] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TBPanel] "C:\Program Files (x86)\EXPERTool\TBPanel.exe" /A
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [LightShot] C:\Users\Jirka\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jirka\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Total CMA Pack] C:\Program Files (x86)\Total CMA Pack\Total CMA Pack.exe
O4 - HKCU\..\Run: [Keyboard Inf.] C:\Users\Jirka\AppData\Roaming\BSplayer\msdn.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-812291890-3211942370-344604394-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-812291890-3211942370-344604394-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = Jirka\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13444 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\Windows\SysWOW64\vmnat.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe"
WLIDSvcM.exe 2824
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe"
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
"C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\Zune\ZuneLauncher.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Users\Jirka\AppData\Local\Akamai\netsession_win.exe"
"C:/Users/Jirka/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Users\Jirka\AppData\Roaming\BSplayer\msdn.exe"
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
"C:\Windows\V0680Mon.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe"
"C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\PROGRA~2\AIMP3\AIMP3.exe -Embedding
"taskhost.exe"
"C:\Windows\System32\perfmon.exe" /res
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --disable-audio-output-resampler
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2736.0.1660661816\836858227" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22,26 --gpu-vendor-id=0x10de --gpu-device-id=0x05e2 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3140 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/Deferred/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="2736.2.1723789507\953036024" /prefetch:673131151
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/Deferred/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="2736.3.811748231\43813176" /prefetch:673131151
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/Deferred/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="2736.4.1676106898\1782300068" /prefetch:673131151
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/Deferred/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="2736.5.1418259577\1690634169" /prefetch:673131151
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/Deferred/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="2736.7.723522700\379144515" /prefetch:673131151
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/Deferred/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="2736.8.172618782\856685007" /prefetch:673131151
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/Deferred/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="2736.9.450851330\1138037291" /prefetch:673131151
"C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/Deferred/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group6 pct:10e stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_58/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --channel="2736.10.1452240125\1319563779" /prefetch:673131151
"nvtray.exe" -user_has_logged_in 1
"C:\Users\Jirka\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-812291890-3211942370-344604394-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-812291890-3211942370-344604394-1001UA.job
C:\Windows\tasks\update-S-1-5-21-812291890-3211942370-344604394-1001.job
C:\Windows\tasks\update-sys.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2010-06-14 190536]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2013-04-24 7477016]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2011-08-05 163552]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-08-12 1356240]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-20 116648]
"TBPanel"=C:\Program Files (x86)\EXPERTool\TBPanel.exe [2013-07-03 2160936]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-02 20472992]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2013-10-30 1820584]
"LightShot"=C:\Users\Jirka\AppData\Local\Skillbrains\lightshot\LightShot.exe [2013-09-27 226592]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]
"AdobeBridge"= []
"Akamai NetSession Interface"=C:\Users\Jirka\AppData\Local\Akamai\netsession_win.exe [2013-06-05 4489472]
"Total CMA Pack"=C:\Program Files (x86)\Total CMA Pack\Total CMA Pack.exe [2011-09-30 63290]
"Keyboard Inf."=C:\Users\Jirka\AppData\Roaming\BSplayer\msdn.exe [2013-11-10 3344384]
"ooVoo.exe"=C:\Program Files (x86)\ooVoo\oovoo.exe [2013-10-31 35489856]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-06-05 1310720]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2013-04-15 337432]
"vmware-tray.exe"=C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [2013-02-26 104528]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"V0680Mon.exe"=C:\Windows\V0680Mon.exe [2011-07-27 28672]
"NCUpdateHelper"=C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [2013-10-10 528360]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"Norton Ghost 15.0"=C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2009-10-01 2596712]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2013-11-11 2349392]
"Live! Central 3"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [2013-08-15 461312]
"FastAccess Web Alert"=C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2011-07-11 2033648]

C:\Users\Jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Jirka\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-11-17 09:53:19 ----D---- C:\rsit
2013-11-17 09:53:19 ----D---- C:\Program Files\trend micro
2013-11-17 09:47:02 ----D---- C:\FRST
2013-11-16 22:00:25 ----D---- C:\Users\Jirka\AppData\Roaming\Malwarebytes
2013-11-16 22:00:15 ----D---- C:\ProgramData\Malwarebytes
2013-11-16 22:00:13 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-11-16 22:00:12 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-16 18:36:53 ----D---- C:\Users\Jirka\AppData\Roaming\ESET
2013-11-16 18:30:15 ----D---- C:\ProgramData\ESET
2013-11-16 18:30:15 ----D---- C:\Program Files\ESET
2013-11-15 22:18:37 ----D---- C:\Users\Jirka\AppData\Roaming\Reallusion
2013-11-15 22:16:41 ----D---- C:\Users\Jirka\AppData\Roaming\Creative
2013-11-15 22:10:55 ----A---- C:\Windows\system32\drivers\CtClsFlt.sys
2013-11-15 22:10:55 ----A---- C:\Windows\system32\drivers\CtAudDrv.sys
2013-11-15 21:44:22 ----D---- C:\ProgramData\Windows App Certification Kit
2013-11-15 21:43:46 ----D---- C:\Program Files\Application Verifier
2013-11-15 21:43:46 ----D---- C:\Program Files (x86)\Application Verifier
2013-11-15 21:38:39 ----D---- C:\Program Files (x86)\Windows Kits
2013-11-15 21:01:25 ----D---- C:\Users\Jirka\AppData\Roaming\ooVoo Details
2013-11-15 21:00:36 ----D---- C:\Program Files (x86)\ooVoo
2013-11-13 22:20:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-11-13 22:20:37 ----A---- C:\Windows\system32\ieui.dll
2013-11-13 22:20:36 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-11-13 22:20:35 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-11-13 22:20:35 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-11-13 22:20:35 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-11-13 22:20:35 ----A---- C:\Windows\system32\iesetup.dll
2013-11-13 22:20:35 ----A---- C:\Windows\system32\iernonce.dll
2013-11-13 22:20:35 ----A---- C:\Windows\system32\ie4uinit.exe
2013-11-13 22:20:34 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-11-13 22:20:34 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 22:20:34 ----A---- C:\Windows\system32\iesysprep.dll
2013-11-13 22:20:33 ----A---- C:\Windows\system32\iertutil.dll
2013-11-13 22:20:32 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-11-13 22:20:32 ----A---- C:\Windows\system32\msfeeds.dll
2013-11-13 22:20:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-11-13 22:20:31 ----A---- C:\Windows\system32\jscript9.dll
2013-11-13 22:20:31 ----A---- C:\Windows\system32\jscript.dll
2013-11-13 22:20:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-11-13 22:20:30 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-11-13 22:20:29 ----A---- C:\Windows\system32\urlmon.dll
2013-11-13 22:20:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-11-13 22:20:28 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-11-13 22:20:28 ----A---- C:\Windows\system32\wininet.dll
2013-11-13 22:20:28 ----A---- C:\Windows\system32\jsproxy.dll
2013-11-13 22:20:27 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-11-13 22:20:26 ----A---- C:\Windows\system32\ieframe.dll
2013-11-13 22:20:25 ----A---- C:\Windows\system32\mshtml.dll
2013-11-13 22:20:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-11-13 19:20:14 ----D---- C:\Users\Jirka\AppData\Roaming\LolClient
2013-11-13 18:59:39 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-11-13 18:59:39 ----A---- C:\Windows\system32\crypt32.dll
2013-11-13 18:59:37 ----A---- C:\Windows\system32\drivers\afd.sys
2013-11-13 18:59:35 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-11-13 18:59:35 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 18:59:35 ----A---- C:\Windows\system32\credui.dll
2013-11-13 18:59:35 ----A---- C:\Windows\system32\authui.dll
2013-11-13 18:59:34 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-11-13 18:59:34 ----A---- C:\Windows\SYSWOW64\credui.dll
2013-11-13 18:59:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-13 18:59:21 ----A---- C:\Windows\system32\sspicli.dll
2013-11-13 18:59:21 ----A---- C:\Windows\system32\schannel.dll
2013-11-13 18:59:21 ----A---- C:\Windows\system32\lsass.exe
2013-11-13 18:59:21 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-13 18:59:21 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-13 18:59:21 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-13 18:59:21 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-13 18:59:20 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-13 18:59:20 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-13 18:59:20 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-13 18:59:20 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-13 18:59:20 ----A---- C:\Windows\system32\secur32.dll
2013-11-13 18:59:20 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-13 18:59:17 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-13 18:59:17 ----A---- C:\Windows\system32\gdi32.dll
2013-11-13 18:59:14 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-13 18:59:13 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-13 18:59:13 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-13 18:59:13 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-13 18:59:13 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 18:51:26 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2013-11-10 17:48:41 ----D---- C:\Users\Jirka\AppData\Roaming\Publish Providers
2013-11-10 17:38:55 ----D---- C:\ProgramData\Sony
2013-11-10 17:38:55 ----D---- C:\Program Files (x86)\Sony
2013-11-10 17:38:54 ----D---- C:\Program Files\Sony
2013-11-10 17:35:42 ----D---- C:\Users\Jirka\AppData\Roaming\Sony
2013-11-03 11:45:58 ----D---- C:\Program Files (x86)\Forklift Truck Simulator 2009
2013-11-03 11:24:28 ----D---- C:\Program Files (x86)\MSXML 4.0
2013-11-02 18:53:05 ----D---- C:\Users\Jirka\AppData\Roaming\Symantec
2013-11-02 18:45:43 ----A---- C:\Windows\SYSWOW64\MSVCR71.DLL
2013-11-02 18:45:43 ----A---- C:\Windows\SYSWOW64\MSVCP71.DLL
2013-11-02 18:45:43 ----A---- C:\Windows\SYSWOW64\MFC71.DLL
2013-11-02 18:45:43 ----A---- C:\Windows\SYSWOW64\capicom.dll
2013-11-02 18:45:42 ----D---- C:\Program Files (x86)\Symantec
2013-11-02 18:45:24 ----A---- C:\Windows\system32\drivers\WimFltr.sys
2013-11-02 18:44:47 ----A---- C:\Windows\system32\drivers\symsnap.sys
2013-11-02 18:44:30 ----A---- C:\Windows\system32\drivers\vproeventmonitor.sys
2013-11-02 18:44:22 ----A---- C:\Windows\SYSWOW64\GEARAspi.dll
2013-11-02 18:44:22 ----A---- C:\Windows\system32\GEARAspi64.dll
2013-11-02 18:44:22 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2013-11-02 18:44:21 ----DC---- C:\Windows\system32\DRVSTORE
2013-11-02 18:43:41 ----D---- C:\ProgramData\Symantec
2013-11-02 18:43:41 ----D---- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2013-11-02 18:43:41 ----D---- C:\Program Files (x86)\Norton Ghost
2013-11-01 15:50:05 ----D---- C:\SIDIS
2013-11-01 15:49:45 ----D---- C:\Program Files\DIFX
2013-11-01 15:49:20 ----D---- C:\Program Files (x86)\DiTEST
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\sysload.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\loaddpram.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\loaddal.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\edicusb.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\edictcp.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\edicdp32.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\edicblue.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\eahwconf7.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\eaconfutil.dll
2013-11-01 15:48:44 ----A---- C:\Windows\SYSWOW64\conmansrv.exe
2013-11-01 15:48:43 ----A---- C:\Windows\SYSWOW64\admincheck.dll
2013-11-01 15:48:43 ----A---- C:\Windows\system32\drivers\edicusb7x64.sys
2013-11-01 15:48:43 ----A---- C:\Windows\system32\drivers\edic7x64.sys
2013-11-01 15:48:32 ----D---- C:\ProgramData\Softing
2013-11-01 15:48:32 ----D---- C:\ProgramData\D-PDU API
2013-11-01 15:48:32 ----D---- C:\Program Files (x86)\Softing
2013-11-01 15:47:31 ----A---- C:\Windows\SYSWOW64\msxml4r.dll
2013-11-01 15:47:27 ----D---- C:\ODIS-DIAG-MODULES
2013-11-01 15:47:10 ----D---- C:\Windows\SYSWOW64\SAG_VAS5051B
2013-11-01 15:47:10 ----A---- C:\Windows\SYSWOW64\rde_paext_usb_433.dll
2013-11-01 15:47:10 ----A---- C:\Windows\SYSWOW64\rde_paext_std_433.dll
2013-11-01 15:47:10 ----A---- C:\Windows\SYSWOW64\PAWINNT4_4.dll
2013-11-01 15:47:10 ----A---- C:\Windows\SYSWOW64\avl_vas6558_paext_433.dll
2013-11-01 15:47:09 ----D---- C:\Windows\SYSWOW64\HVMT_AVL
2013-11-01 15:47:09 ----D---- C:\Windows\SYSWOW64\AVL_VAS6356
2013-11-01 15:47:09 ----A---- C:\Windows\SYSWOW64\PAWINNT4_3.dll
2013-11-01 15:47:09 ----A---- C:\Windows\SYSWOW64\PAWINNT.dll
2013-11-01 15:47:09 ----A---- C:\Windows\SYSWOW64\GICO22EngineAll.dll
2013-11-01 15:47:09 ----A---- C:\Windows\SYSWOW64\GICO22_JNI.dll
2013-11-01 15:45:33 ----D---- C:\Program Files (x86)\Offboard_Diagnostic_Information_System_Service
2013-11-01 15:45:32 ----D---- C:\temp
2013-10-31 20:08:53 ----D---- C:\ProgramData\LogMeIn
2013-10-31 13:16:56 ----AH---- C:\Windows\system32\hamachi.sys
2013-10-30 18:09:27 ----D---- C:\Users\Jirka\AppData\Roaming\TS3Client
2013-10-30 18:07:12 ----D---- C:\Program Files (x86)\TeamSpeak 3 Client
2013-10-30 12:00:01 ----D---- C:\2-click run
2013-10-28 22:41:46 ----A---- C:\Windows\system32\nvdispgenco6433158.dll
2013-10-28 22:41:46 ----A---- C:\Windows\system32\nvdispco6433158.dll
2013-10-27 15:41:57 ----D---- C:\Users\Jirka\AppData\Roaming\SpinTires
2013-10-27 11:50:32 ----SD---- C:\Program Files (x86)\Total CMA Pack
2013-10-26 22:18:56 ----D---- C:\Program Files (x86)\F9
2013-10-26 22:15:14 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-26 22:15:14 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2013-10-26 22:14:29 ----A---- C:\Windows\system32\cohelper.dll
2013-10-26 22:12:40 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-10-26 22:12:35 ----D---- C:\Program Files\Microsoft Security Client
2013-10-26 21:59:57 ----D---- C:\Program Files (x86)\Arduino
2013-10-26 13:24:24 ----D---- C:\belkin
2013-10-25 11:49:01 ----D---- C:\Riot Games
2013-10-25 11:47:41 ----D---- C:\ProgramData\PMB Files
2013-10-25 11:47:34 ----D---- C:\Program Files (x86)\Pando Networks
2013-10-25 11:47:01 ----D---- C:\Users\Jirka\AppData\Roaming\Riot Games
2013-10-25 11:10:21 ----D---- C:\GTA
2013-10-25 11:09:16 ----D---- C:\Program Files (x86)\Text
2013-10-24 16:04:00 ----D---- C:\ProgramData\Automation
2013-10-23 13:13:05 ----D---- C:\ProgramData\McAfee
2013-10-21 15:37:25 ----D---- C:\Program Files\OpenTTD
2013-10-20 10:11:52 ----D---- C:\ProgramData\Oracle
2013-10-20 10:11:26 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-10-20 10:11:21 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-10-20 10:11:21 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-10-20 10:11:21 ----A---- C:\Windows\SYSWOW64\java.exe
2013-10-20 08:39:35 ----D---- C:\Program Files (x86)\PCSX2 1.0.0

======List of files/folders modified in the last 1 months======

2013-11-17 09:53:19 ----RD---- C:\Program Files
2013-11-17 09:50:28 ----D---- C:\Windows
2013-11-17 09:49:53 ----D---- C:\Users\Jirka\AppData\Roaming\AIMP3
2013-11-17 09:49:52 ----D---- C:\Users\Jirka\AppData\Roaming\Dropbox
2013-11-17 09:49:52 ----D---- C:\Program Files (x86)\Steam
2013-11-17 09:49:23 ----D---- C:\Users\Jirka\AppData\Roaming\Skype
2013-11-17 09:46:36 ----D---- C:\Windows\Temp
2013-11-17 09:28:59 ----D---- C:\Users\Jirka\AppData\Roaming\vlc
2013-11-17 09:08:34 ----D---- C:\Windows\system32\config
2013-11-17 08:57:11 ----SHD---- C:\System Volume Information
2013-11-17 08:45:05 ----D---- C:\ProgramData\VMware
2013-11-16 22:02:19 ----D---- C:\Windows\System32
2013-11-16 22:02:19 ----D---- C:\Windows\inf
2013-11-16 22:02:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-16 22:00:15 ----HD---- C:\ProgramData
2013-11-16 22:00:13 ----D---- C:\Windows\system32\drivers
2013-11-16 22:00:12 ----RD---- C:\Program Files (x86)
2013-11-16 18:38:26 ----D---- C:\Users\Jirka\AppData\Roaming\.purple
2013-11-16 18:36:37 ----SHD---- C:\Windows\Installer
2013-11-16 18:33:14 ----D---- C:\Windows\system32\DriverStore
2013-11-16 18:33:14 ----D---- C:\Windows\system32\catroot
2013-11-15 22:52:29 ----D---- C:\Users\Jirka\AppData\Roaming\uTorrent
2013-11-15 22:18:37 ----D---- C:\ProgramData\Creative
2013-11-15 22:16:26 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-11-15 22:11:30 ----D---- C:\Program Files (x86)\Creative
2013-11-15 21:44:51 ----D---- C:\Windows\SysWOW64
2013-11-15 21:38:39 ----D---- C:\Program Files (x86)\Common Files
2013-11-15 21:38:25 ----D---- C:\ProgramData\Package Cache
2013-11-14 19:09:13 ----D---- C:\Windows\winsxs
2013-11-14 19:08:53 ----D---- C:\Windows\Panther
2013-11-14 19:06:22 ----D---- C:\Program Files (x86)\Internet Explorer
2013-11-14 19:06:20 ----D---- C:\Windows\SYSWOW64\en-US
2013-11-14 19:06:20 ----D---- C:\Windows\system32\en-US
2013-11-14 19:06:20 ----D---- C:\Program Files\Internet Explorer
2013-11-13 22:20:58 ----D---- C:\Windows\system32\catroot2
2013-11-13 22:19:41 ----D---- C:\Windows\system32\MRT
2013-11-13 22:17:04 ----D---- C:\Windows\debug
2013-11-13 22:17:03 ----A---- C:\Windows\system32\MRT.exe
2013-11-12 21:00:01 ----D---- C:\Windows\system32\LogFiles
2013-11-12 17:18:33 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2013-11-12 17:09:08 ----D---- C:\Users\Jirka\AppData\Roaming\Notepad++
2013-11-12 17:08:50 ----D---- C:\Windows\SYSWOW64\LogFiles
2013-11-12 17:08:42 ----D---- C:\Windows\Minidump
2013-11-12 17:08:42 ----D---- C:\Windows\Logs
2013-11-11 20:57:47 ----RHD---- C:\Users\Jirka\AppData\Roaming\SecuROM
2013-11-11 20:57:47 ----D---- C:\Users\Jirka\AppData\Roaming\Logitech
2013-11-11 19:14:36 ----D---- C:\Windows\Microsoft.NET
2013-11-10 21:49:37 ----D---- C:\Users\Jirka\AppData\Roaming\VMware
2013-11-10 20:55:43 ----SD---- C:\Users\Jirka\AppData\Roaming\Microsoft
2013-11-10 20:45:52 ----D---- C:\Users\Jirka\AppData\Roaming\PACE Anti-Piracy
2013-11-10 15:36:50 ----D---- C:\Users\Jirka\AppData\Roaming\ATI
2013-11-10 14:49:00 ----D---- C:\Users\Jirka\AppData\Roaming\BSplayer Pro
2013-11-10 14:48:29 ----D---- C:\Users\Jirka\AppData\Roaming\Zoner
2013-11-10 14:47:31 ----D---- C:\Users\Jirka\AppData\Roaming\Logishrd
2013-11-10 14:37:15 ----D---- C:\Users\Jirka\AppData\Roaming\WinRAR
2013-11-10 14:30:28 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-11-10 14:30:08 ----RSD---- C:\Windows\assembly
2013-11-10 14:28:16 ----D---- C:\Users\Jirka\AppData\Roaming\BSplayer
2013-11-10 14:24:28 ----D---- C:\Windows\SYSWOW64\directx
2013-11-10 14:17:43 ----D---- C:\Users\Jirka\AppData\Roaming\Audacity
2013-11-10 14:17:26 ----D---- C:\Users\Jirka\AppData\Roaming\Macromedia
2013-11-10 14:14:28 ----D---- C:\Users\Jirka\AppData\Roaming\Tunngle
2013-11-10 09:26:36 ----D---- C:\Program Files (x86)\Origin
2013-11-09 20:45:00 ----D---- C:\ProgramData\Steam
2013-11-08 13:31:35 ----D---- C:\Program Files (x86)\AIMP3
2013-11-07 14:33:06 ----D---- C:\Users\Jirka\AppData\Roaming\Origin
2013-11-02 18:48:24 ----D---- C:\Windows\Registration
2013-11-01 15:50:13 ----D---- C:\Windows\Prefetch
2013-10-29 08:46:43 ----D---- C:\Program Files (x86)\Saints Row IV
2013-10-29 08:04:46 ----D---- C:\ProgramData\NVIDIA
2013-10-28 22:42:22 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-10-27 08:23:10 ----D---- C:\Windows\SYSWOW64\drivers
2013-10-27 08:22:46 ----D---- C:\Program Files (x86)\ASUS
2013-10-26 22:16:25 ----SD---- C:\ProgramData\Microsoft
2013-10-25 11:49:07 ----D---- C:\Windows\Tasks
2013-10-23 19:11:34 ----D---- C:\Program Files (x86)\rFactor
2013-10-23 13:14:16 ----D---- C:\ProgramData\Adobe
2013-10-23 13:13:31 ----D---- C:\Users\Jirka\AppData\Roaming\Adobe
2013-10-23 13:12:40 ----D---- C:\Program Files (x86)\Adobe
2013-10-20 10:11:21 ----D---- C:\Program Files (x86)\Java
2013-10-20 09:21:11 ----D---- C:\Program Files (x86)\Origin Games
2013-10-19 21:00:40 ----D---- C:\ProgramData\Skype
2013-10-19 21:00:38 ----RD---- C:\Program Files (x86)\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-06-18 247216]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 symsnap;Symantec Volume Snap Shot Driver; C:\Windows\system32\DRIVERS\symsnap.sys [2009-09-21 170032]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
R0 vsock;vSockets Driver; C:\Windows\system32\drivers\vsock.sys [2012-10-24 70296]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2009-04-06 13368]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2013-04-15 127384]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2012-10-11 52376]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2013-02-26 45720]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2013-02-26 30800]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [2013-02-26 67664]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared); C:\Windows\SysWOW64\drivers\vstor2-mntapi10-shared.sys [2011-07-12 33392]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-06-05 475136]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2011-09-05 178176]
R3 GEARAspiWDM;GearAspiWDM; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 GenericMount;Generic Mount Driver; C:\Windows\system32\DRIVERS\GenericMount.sys [2009-09-21 54320]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGPBTDD;LGPBTDD.sys Display Driver; C:\Windows\System32\Drivers\LGPBTDD.sys [2009-07-01 30728]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-05-14 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-06-16 196384]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 V0680Vid;Creative Live! Cam Socialize HD 1080 Driver; C:\Windows\system32\DRIVERS\V0680Vid.sys [2011-07-26 394112]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2013-02-26 20120]
R4 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 11278336]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 552960]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2013-07-25 79592]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2013-05-17 85384]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 139616]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\Windows\system32\DRIVERS\vproeventmonitor.sys [2009-09-21 20528]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2009-10-01 154168]
S4 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2009-06-05 111616]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2011-10-19 423424]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-11 2756944]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-08-12 23808]
R2 Norton Ghost;Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [2009-10-01 4584288]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-10-15 922912]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-09-17 1364256]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-10-05 76888]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2013-02-26 87120]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\syswow64\vmnetdhcp.exe [2013-02-26 357456]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\syswow64\vmnat.exe [2013-02-26 436304]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 SymSnapService;SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-21 2963960]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-08-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-08-28 79360]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
S3 GenericMount Helper Service;GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2009-09-21 1571336]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-08-12 366600]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-10-24 4702568]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-10-30 566696]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [2009-07-14 9728]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
S3 TunngleService;TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2013-09-03 759192]
S3 VMwareHostd;VMware Workstation Server; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-02-26 13242960]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-20 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Last edited by vyosek on 17 Nov 2013 12:48, edited 1 time in total.
Reason: log removed from code

Rudy
Site Admin
Posts: 119532
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean< (delete)
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

sekicz
Visitor
Posts: 13
Joined: 17 Nov 2013 12:34

Re: Please check my log

#3 Post by sekicz »

# AdwCleaner v3.012 - Report created 17/11/2013 at 12:58:35
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jirka - JIRKA-PC
# Running from : C:\Users\Jirka\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Google Chrome v

[ File : C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [1285 octets] - [17/11/2013 12:57:37]
AdwCleaner[S0].txt - [1173 octets] - [17/11/2013 12:58:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1233 octets] ##########

Rudy
Site Admin
Posts: 119532
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

Post a new RSIT log.

sekicz
Visitor
Posts: 13
Joined: 17 Nov 2013 12:34

Re: Please check my log

#5 Post by sekicz »

I decided to just reinstall the computer after a few years, but I found out that I have a virus on my laptop as well. Would it be a problem if I posted the logs from the second computer in this thread?

Rudy
Site Admin
Posts: 119532
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#6 Post by Rudy »

That is a solution too. Feel free to post the log here.

sekicz
Visitor
Posts: 13
Joined: 17 Nov 2013 12:34

Re: Please check my log

#7 Post by sekicz »

1. RSIT log (logRSIT_pred)
2. ADWcleaner (ADW)
3. RSIT log (logRSIT_po)
I don't really know how to fit this into a single post here, so I uploaded the .txt files to SkyDrive.
http://sdrv.ms/1hRdA4e

Rudy
Site Admin
Posts: 119532
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#8 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\update-S-1-5-21-4136063269-2072558518-3648296240-1001.job
C:\WINDOWS\tasks\update-sys.job

:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
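The fix script in post #8 targets two autostart mechanisms: scheduled-task .job files and a value under the 32-bit Run key. As an added example (not part of the thread and not OTM's own code), this Python parser turns such a script into an action list that can be reviewed before the script is run; it assumes the :reg section follows .reg-file syntax, where "name"=- deletes a value, and the function and action names are illustrative.

```python
import re
# Fix script from post #8, embedded verbatim as sample input.
OTM_SCRIPT = r'''
:files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\update-S-1-5-21-4136063269-2072558518-3648296240-1001.job
C:\WINDOWS\tasks\update-sys.job

:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
'''

def parse_otm_script(text):
    """Return (action, target) tuples in script order."""
    actions, section, key = [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):              # section header
            section, key = line[1:].lower(), None
        elif section == "files":
            actions.append(("file", line))
        elif section == "commands":
            actions.append(("command", line.strip("[]").lower()))
        elif section == "reg":
            m = re.fullmatch(r"\[(-?)(.+)\]", line)
            if m:                             # [key] or [-key] (assumed .reg syntax)
                key = m.group(2)
                if m.group(1):
                    actions.append(("delete_key", key))
                continue
            m = re.fullmatch(r'"([^"]+)"=(.*)', line)
            if m and key:                     # "name"=- deletes the value
                verb = "delete_value" if m.group(2) == "-" else "set_value"
                actions.append((verb, key + "\\" + m.group(1)))
    return actions

def persistence_kind(action, target):
    """Name the autostart mechanism a target belongs to, or None."""
    t = target.lower()
    if action == "file" and "\\tasks\\" in t and t.endswith(".job"):
        return "scheduled task"
    if action.endswith("_value") and "\\currentversion\\run\\" in t:
        return "Run-key autostart"
    return None
```

Calling `persistence_kind(*a)` on each tuple from `parse_otm_script(OTM_SCRIPT)` labels the four .job files as scheduled tasks and the `SunJavaUpdateSched` value as a Run-key autostart.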

sekicz
Visitor
Posts: 13
Joined: 17 Nov 2013 12:34

Re: Please check my log

#9 Post by sekicz »

Somehow it won't fit here.
http://sdrv.ms/1ioqMey

Rudy
Site Admin
Posts: 119532
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#10 Post by Rudy »

Deleted. Has anything changed?

sekicz
Visitor
Posts: 13
Joined: 17 Nov 2013 12:34

Re: Please check my log

#11 Post by sekicz »

No, it still does it.

Rudy
Site Admin
Posts: 119532
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#12 Post by Rudy »

Open OTM again and click >CleanUp!<. OTM will clean up after itself. Then post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Go and make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident shield.

sekicz
Visitor
Posts: 13
Joined: 17 Nov 2013 12:34

Re: Please check my log

#13 Post by sekicz »

ComboFix won't start. I have Windows 8.1. It says "ComboFix is not meant to run in Compatibility Mode." Yet I don't have any compatibility mode set.

Rudy
Site Admin
Posts: 119532
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#14 Post by Rudy »

Let's try another way.

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, check "Pro všechny uživatele" (For all users), "Kontrola na havěť LOP" (LOP check) and "Kontrola na havěť PURITY" (Purity check), and copy the following into the lower white window:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Prohledat< (Scan).

sekicz
Visitor
Posts: 13
Joined: 17 Nov 2013 12:34

Re: Please check my log

#15 Post by sekicz »


Locked