
Malware, virus, keylogger: please help.

KevinK
Visitor
Posts: 14
Registered: 11 Jan 2015 19:19


#1 Post by KevinK »

Hello,

Yesterday a Trojan horse or malware (I don't know what it is) got onto my computer. A person I have known over the internet for quite a long time sent it to me because he wanted to steal valuable items on my STEAM ACCOUNT ... Here is the virus for diagnosis: http://www.mediafire.com/download/ny2d6 ... nector.exe
The computer starts without any problem. I rather think it is a keylogger.
What I have done so far: avast (full scan), AVG (full scan), Kaspersky TDSSKiller, Malwarebytes, and then, on a recommendation, also ComboFix (the antivirus programs would not remove one file for me).

I am willing to answer all your questions about my PC etc.
PS: I don't mind even if all the data on my PC were lost. I can happily reinstall Windows. I have the CD, but I don't have the registration number (key) for it. If needed, I can supply the ComboFix log.

Thank you for your reply and the next steps. I want to be 100% sure that nothing is left there, so that I can enter passwords etc. with peace of mind.

I AM POSTING THE LOG FROM THE PROGRAM MENTIONED HERE

Logfile of random's system information tool 1.10 (written by random/random)
Run by Kevin at 2015-01-11 19:20:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 597 GB (63%) free of 946 GB
Total RAM: 8150 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:30, on 11.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
C:\Program Files\trend micro\Kevin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: appstoreService - TODO: <Company name> - C:\Program Files (x86)\iSafe\appstore\appstoreSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13012 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\iSafe\appstore\appstoreSvc.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
"C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgemca.exe"
C:\Windows\system32\PnkBstrA.exe
"C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
\??\C:\Windows\system32\conhost.exe "1466758627-8205046271134102972-1031531638-901920373542867894-53425685-1478716436
WLIDSvcM.exe 2548
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe /pipeName=c2feea3f-0200-0000-e8d4-477f925a1224 /binaryPath="C:\Program Files (x86)\AVG\AVG2015\"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\iSafe\appstore\ipcdl.exe" --channel_name="520.0.666315248\1557367124"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"C:\Program Files (x86)\Skillbrains\lightshot\5.2.0.17\Lightshot.exe"

C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Program Files (x86)\Steam\config\htmlcache" -cookiepath "C:\Program Files (x86)\Steam\config\cookies" -steampid 4468 --blacklist-accelerated-compositing --process-per-tab --disable-accelerated-video-decode --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-accelerated-compositing --disable-gpu-compositing --channel="6112.0.5952276\1665730340" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe" --ran-launcher /crash-reporter-parent-id=5532
"C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe" --type=gpu-process --channel="5532.0.1142543493\1936171635" --enable-proprietary-media-types-playback --crash-reporter-pid=6232 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,17,39,48 --gpu-vendor-id=0x10de --gpu-device-id=0x11c0 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3788 --enable-proprietary-media-types-playback --crash-reporter-pid=6232 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe" --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=cs --enable-proprietary-media-types-playback --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=6232 --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5532.2.188607873\1553439874" /prefetch:673131151
"C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe" --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=cs --enable-proprietary-media-types-playback --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=6232 --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5532.4.89780011\818227081" /prefetch:673131151
"C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe" --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=cs --enable-proprietary-media-types-playback --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=6232 --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5532.14.1111725424\1712234656" /prefetch:673131151
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-accelerated-compositing --disable-gpu-compositing --channel="6112.1.1918699802\483168261" /prefetch:673131151
"C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe" --type=renderer --alt-high-dpi-setting=96 --disable-direct-npapi-requests --enable-deferred-image-decoding --lang=cs --enable-proprietary-media-types-playback --disable-client-side-phishing-detection --with-feature:enhanced-autofill --crash-reporter-pid=6232 --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5532.21.2122954550\1208591986" /prefetch:673131151
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Kevin\Desktop\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161003254-3360529415-1600708479-1001Core.job - C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1161003254-3360529415-1600708479-1001UA.job - C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\update-S-1-5-21-1161003254-3360529415-1600708479-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate

=========Mozilla firefox=========

ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ry2ycmt.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://mysearch.avg.com?cid={D1B8181F- ... 2014-11-05 22:27:35&v=4.0.5.7&pid=wtu&sg=&sap=hp"
prefs.js - "keyword.URL" - "https://www.google.com/search"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=
"Path"=C:\Windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/npbattlelog,version=2.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll


C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ry2ycmt.default\extensions\
avg@toolbar

C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ry2ycmt.default\searchplugins\
avg-secure-search.xml
Google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-11-04 218784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-01 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2014-11-12 886480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-26 210856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-14 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13 3214392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-01 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Web TuneUp - C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll [2014-12-12 2395160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-09-23 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2014-11-12 710864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-11-12 1729744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2014-11-18 1940160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Creative Cloud]
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2013-07-12 2236816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
C:\Program Files\EslWire\wire.exe --tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixMyRegistry]
C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-08 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-05-23 5120144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-02-29 56088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightShot]
C:\Users\Kevin\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-12-13 3838800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-30 2352072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2012-11-13 3825176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll [2014-05-30 1279480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyComputer]
C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [2012-11-13 3713032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB3MON]
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-05-20 291648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk]
C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe [2012-10-03 17686528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-01 4085896]
""= []
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2014-12-18 3667472]
"Lightshot"=C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [2014-11-18 226560]
"vProt"=C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2014-12-12 3081752]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2014-12-13 3838800]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Rebus\Rebus Manager\RebusManager.exe"="C:\Rebus\Rebus Manager\RebusManager.exe:*:Enabled:RebusManager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-01-11 19:20:22 ----D---- C:\rsit
2015-01-11 19:20:22 ----D---- C:\Program Files\trend micro
2015-01-11 14:21:23 ----SHD---- C:\$RECYCLE.BIN
2015-01-11 14:21:17 ----A---- C:\ComboFix.txt
2015-01-11 13:55:26 ----A---- C:\Windows\zip.exe
2015-01-11 13:55:26 ----A---- C:\Windows\SWSC.exe
2015-01-11 13:55:26 ----A---- C:\Windows\SWREG.exe
2015-01-11 13:55:26 ----A---- C:\Windows\sed.exe
2015-01-11 13:55:26 ----A---- C:\Windows\PEV.exe
2015-01-11 13:55:26 ----A---- C:\Windows\NIRCMD.exe
2015-01-11 13:55:26 ----A---- C:\Windows\MBR.exe
2015-01-11 13:55:26 ----A---- C:\Windows\grep.exe
2015-01-11 13:54:20 ----D---- C:\Qoobox
2015-01-11 13:54:01 ----D---- C:\Windows\erdnt
2015-01-10 22:49:51 ----A---- C:\autoexec.bat
2015-01-10 22:49:01 ----D---- C:\Program Files\Enigma Software Group
2015-01-10 21:15:04 ----A---- C:\TDSSKiller.3.0.0.16_10.01.2015_21.15.04_log.txt
2015-01-10 21:14:47 ----A---- C:\TDSSKiller.3.0.0.16_10.01.2015_21.14.47_log.txt
2015-01-10 20:43:38 ----A---- C:\TDSSKiller.3.0.0.16_10.01.2015_20.43.38_log.txt
2015-01-10 19:58:19 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-01-10 19:57:42 ----D---- C:\ProgramData\Malwarebytes
2015-01-10 19:57:42 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-10 19:57:42 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-01-10 19:57:42 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-01-10 19:57:42 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-01-10 19:19:45 ----D---- C:\Users\Kevin\AppData\Roaming\raidcall
2015-01-10 19:19:41 ----D---- C:\Program Files (x86)\RaidCall
2015-01-10 15:02:50 ----D---- C:\Program Files (x86)\Mumble
2015-01-08 18:05:25 ----D---- C:\Program Files (x86)\Cok Software
2015-01-07 15:36:40 ----N---- C:\bootsqm.dat
2014-12-31 14:51:13 ----D---- C:\Program Files (x86)\MediaFire Desktop
2014-12-31 14:51:04 ----A---- C:\Windows\system32\drivers\mfmonitor_x64.sys
2014-12-24 21:02:35 ----D---- C:\Program Files (x86)\Sony
2014-12-24 21:02:15 ----D---- C:\Program Files\Sony
2014-12-24 15:53:22 ----D---- C:\Program Files (x86)\LogMeIn Hamachi
2014-12-20 10:00:03 ----D---- C:\Users\Kevin\AppData\Roaming\minecraft
2014-12-19 16:06:29 ----D---- C:\Users\Kevin\AppData\Roaming\java
2014-12-19 16:05:47 ----D---- C:\Program Files (x86)\Minecraft

======List of files/folders modified in the last 1 month======

2015-01-11 19:20:22 ----D---- C:\Program Files
2015-01-11 19:17:14 ----D---- C:\Windows\Temp
2015-01-11 19:07:37 ----D---- C:\Users\Kevin\AppData\Roaming\Skype
2015-01-11 19:00:26 ----SHD---- C:\System Volume Information
2015-01-11 19:00:12 ----D---- C:\Windows\system32\config
2015-01-11 18:59:26 ----D---- C:\Program Files (x86)\Steam
2015-01-11 18:50:38 ----D---- C:\Program Files (x86)\Opera
2015-01-11 18:48:17 ----D---- C:\Windows\Prefetch
2015-01-11 14:09:48 ----D---- C:\Windows
2015-01-11 14:09:48 ----A---- C:\Windows\system.ini
2015-01-11 14:09:39 ----D---- C:\Windows\system32\drivers\etc
2015-01-11 14:05:04 ----D---- C:\ProgramData\Temp
2015-01-11 14:04:46 ----D---- C:\Windows\SYSWOW64\drivers
2015-01-11 14:04:46 ----D---- C:\Windows\SysWOW64
2015-01-11 14:04:46 ----D---- C:\Windows\AppPatch
2015-01-11 14:04:45 ----D---- C:\Program Files (x86)\Common Files
2015-01-11 13:54:22 ----D---- C:\Windows\system32\drivers
2015-01-11 13:51:41 ----D---- C:\Windows\system32\Tasks
2015-01-11 13:38:06 ----D---- C:\Users\Kevin\AppData\Roaming\OBS
2015-01-11 13:03:08 ----D---- C:\ProgramData\MFAData
2015-01-10 20:34:02 ----D---- C:\Windows\system32\wbem
2015-01-10 20:33:20 ----D---- C:\ProgramData\McAfee Security Scan
2015-01-10 20:33:19 ----SHD---- C:\Windows\Installer
2015-01-10 20:33:19 ----D---- C:\Windows\Tasks
2015-01-10 20:33:19 ----D---- C:\Windows\system32\DriverStore
2015-01-10 20:33:19 ----D---- C:\Windows\system32\catroot2
2015-01-10 20:33:19 ----D---- C:\Windows\registration
2015-01-10 20:26:53 ----D---- C:\Users\Kevin\AppData\Roaming\TS3Client
2015-01-10 20:12:35 ----RD---- C:\Program Files (x86)
2015-01-10 20:12:35 ----D---- C:\ProgramData
2015-01-07 15:40:47 ----D---- C:\Windows\system32\wfp
2015-01-07 15:40:47 ----D---- C:\Windows\System32
2015-01-07 15:40:47 ----D---- C:\Windows\inf
2015-01-07 15:38:54 ----D---- C:\Windows\system32\LogFiles
2015-01-01 17:28:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-31 14:51:14 ----RSD---- C:\Windows\Fonts
2014-12-31 14:46:05 ----D---- C:\Users\Kevin\AppData\Roaming\uTorrent
2014-12-30 23:27:56 ----D---- C:\Program Files (x86)\Hearthstone
2014-12-30 23:26:08 ----D---- C:\ProgramData\Origin
2014-12-30 23:25:32 ----D---- C:\Program Files (x86)\Origin
2014-12-30 20:47:55 ----D---- C:\ProgramData\Package Cache
2014-12-30 20:29:31 ----D---- C:\Users\Kevin\AppData\Roaming\.minecraft
2014-12-24 16:06:49 ----D---- C:\Windows\winsxs
2014-12-24 11:36:14 ----D---- C:\Windows\Microsoft.NET
2014-12-24 11:35:11 ----RSD---- C:\Windows\assembly
2014-12-24 11:16:13 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-12-24 11:14:28 ----D---- C:\Program Files\Microsoft Office 15
2014-12-21 09:44:07 ----D---- C:\ProgramData\Skype
2014-12-21 09:44:03 ----RD---- C:\Program Files (x86)\Skype
2014-12-13 13:16:32 ----D---- C:\Program Files (x86)\Battle.net
2014-12-12 12:29:39 ----D---- C:\Program Files (x86)\AVG Web TuneUp
2014-12-12 12:11:51 ----D---- C:\ProgramData\Avg_Update_1214tb

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-01 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-01 224896]
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2014-07-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2014-10-05 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2014-06-18 31512]
R0 ESLWireAC;ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [2014-08-06 184968]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2012-02-01 568600]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2012-05-20 19264]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-01 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-11-21 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-01 427360]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2014-06-18 153368]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2014-12-08 260888]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2014-08-28 243480]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-12-12 52000]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2009-09-23 66304]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2009-09-23 359552]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-01 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-01 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-01 92008]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2012-02-03 59520]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2012-02-03 84736]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-04-25 104560]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-01-11 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-11-21 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-02 62784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2012-05-04 2196592]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2009-09-23 187904]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2009-09-23 95232]
S3 BRDriver64;BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [2014-04-30 75048]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\xyz\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver; C:\Windows\System32\Drivers\EtronSTOR.sys [2012-08-07 32512]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2013-03-02 25640]
S3 GPCIDrv;GPCIDrv; \??\C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [2010-02-04 14376]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2013-03-02 30528]
S3 ManyCam;ManyCam Virtual Webcam; C:\Windows\system32\DRIVERS\mcvidrv.sys [2014-05-13 42224]
S3 mcaudrv_simple;ManyCam Virtual Microphone; C:\Windows\system32\drivers\mcaudrv_x64.sys [2014-05-13 35440]
S3 MsgPlusDriver;Messenger Plus! Virtual Camera; C:\Windows\system32\DRIVERS\MsgPlusDriver.sys []
S3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 20256]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service; C:\Windows\system32\drivers\RzMaelstromVAD.sys [2014-06-09 32768]
S3 ScreamBAudioSvc;ScreamBee Audio; C:\Windows\system32\drivers\ScreamingBAudio64.sys [2012-07-31 38992]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 appstoreService;appstoreService; C:\Program Files (x86)\iSafe\appstore\appstoreSvc.exe [2014-07-18 12464]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-01 50344]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-11-12 2449592]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-06-17 242216]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-12-13 2530640]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-12-02 417552]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2014-11-14 76152]
R2 RzKLService;RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-02-25 105448]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-10-20 130024]
R2 vToolbarUpdater18.2.0;vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [2014-12-12 1850392]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-27 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-27 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-24 114288]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-24 1903472]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-12-04 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-12-04 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-02-27 1255736]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16 267440]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-06-18 49152]
S4 BRSptSvc;BitRaider Mini-Support Service; C:\ProgramData\BitRaider\BRSptSvc.exe [2014-04-30 477960]
S4 EslWireHelper;ESL Wire Helper Service; C:\Program Files\EslWire\service\WireHelperSvc.exe []
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe []
S4 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S4 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
S4 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 21055432]
S4 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
S4 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S4 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S4 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 413128]
S4 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe []
S4 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-05-04 27760]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Malware, virus, keylogger, please help.

#2 Post by motji »

Hello :)
Please also post the logs from ComboFix and TDSSKiller; I can see you ran them. I can no longer see anything in this log, because by using ComboFix you wiped all the traces. ComboFix may only be used under a helper's supervision; there is a risk of damaging the system :!: .
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning a computer of malware :!:
Want to support our forum? Information here

Available mostly at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

KevinK
Visitor
Posts: 14
Joined: 11 Jan 2015 19:19

Re: Malware, virus, keylogger, please help.

#3 Post by KevinK »

Nothing was damaged when I used ComboFix; everything works as it should.

Oh, and by the way, the ComboFix log doesn't fit here:
I put it in the attachment.

KevinK
Visitor
Posts: 14
Joined: 11 Jan 2015 19:19

Re: Malware, virus, keylogger, please help.

#4 Post by KevinK »

Here it is: http://tny.cz/b4090784

It didn't fit here because it is over the limit.

KevinK
Visitor
Posts: 14
Joined: 11 Jan 2015 19:19

Re: Malware, virus, keylogger, please help.

#5 Post by KevinK »

Here is the Kaspersky killer: http://tny.cz/b5c7738d

There was no option to choose there other than skip, so I ran ComboFix.

KevinK
Visitor
Posts: 14
Joined: 11 Jan 2015 19:19

Re: Malware, virus, keylogger, please help.

#6 Post by KevinK »

Thank you for your reply :???: :???: :???: :) :) :)

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: Malware, virus, keylogger, please help.

#7 Post by motji »

You have rather a lot of antivirus programs :shock: :?: . Remove Spybot and give me 10 minutes to go through the logs.
You ran the file that someone sent you, I assume?
Which file did they refuse to remove?

KevinK
Visitor
Posts: 14
Joined: 11 Jan 2015 19:19

Re: Malware, virus, keylogger, please help.

#8 Post by KevinK »

So ...
I have a lot of antivirus programs because of this; I scanned that exe with AVG and AVAST and they said it was harmless..
Yes, I ran the .exe.
Something like SyS. with some dots, letters and numbers after it could not be removed.
A lot of people have already dealt with this case;
things were stolen from them on Steam,
but nobody has said how to remove it completely from the PC.

Re: Malware, Virus, Keylogger, Please help.

#9 Post by motji »

The logs are fairly OK; could you also find the Malwarebytes log?
:arrow: Uninstall the extra antivirus programs and keep just one; get rid of Spybot and McAfee Security Scanner.

Re: Malware, Virus, Keylogger, Please help.

#10 Post by KevinK »

Where can I find that log, please..

Re: Malware, Virus, Keylogger, Please help.

#11 Post by motji »

The History tab at the top

Re: Malware, Virus, Keylogger, Please help.

#12 Post by KevinK »

Do you think there is nothing left in the computer now??
The file is there if needed; I don't know how, but I suppose it can somehow be analysed to find out what it does

Re: Malware, Virus, Keylogger, Please help.

#13 Post by motji »

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
- Save the program to the desktop and run it. The licence terms will then be displayed; confirm the start by pressing any key.
- A backup is created and the scan runs.
When the scan finishes, a log will pop up (it will be saved in c:\JRT as JRT.txt) - copy it here

:arrow: Download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
- Save the program to the desktop and close all running programs.
- Run AdwCleaner, click Scan and, when the scan completes, click Clean
- The repair is carried out and the PC restarts (restart it yourself if necessary), and the log C:\AdwCleaner\AdwCleaner.txt appears; copy the contents of the log here.

Re: Malware, Virus, Keylogger, Please help.

#14 Post by KevinK »

Here is the first log after running that .exe
To be safe I then scanned it 3 more times


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.1.2015
Scan Time: 19:59:13
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.10.15
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kevin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414262
Time Elapsed: 12 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.MultiPlug.A, C:\PROGRAM FILES (X86)\SAVE NEET, Quarantined, [f4d37184543590a61eb3c181e320a858],
PUP.Optional.MultiPlug.A, C:\PROGRAMDATA\SAVE NEET, Quarantined, [e5e2b4416a1f0630daf8cd75867d9070],
PUP.Optional.Booster.A, C:\PROGRAM FILES (X86)\SW_BOOSTER, Quarantined, [10b78f6693f6fa3c49b5d773d42f9967],
PUP.Optional.PCTechHotline.A, C:\Users\Kevin\AppData\Roaming\PC TECH HOTLINE, Quarantined, [4681688d60299c9a1bf23333f80b857b],
PUP.Optional.PCTechHotline.A, C:\Users\Kevin\AppData\Roaming\PC TECH HOTLINE\skin, Quarantined, [4681688d60299c9a1bf23333f80b857b],

Files: 52

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Malware, Virus, Keylogger, Please help.

#15 Post by motji »

And after that you found nothing more, right? Please also run the two programs I wrote about.