Nepíšou se háčky a čárky přes shift

[jajaja28]

Zdravím, nedávno se mi přestaly psát háčky a čárky přes shift, prosím o pomoc.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2015-01-31 12:11:27
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 69 GB (10%) free of 670 GB
Total RAM: 4040 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:32, on 31.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Users\Admin\AppData\Local\Temp\google chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
C:\Program Files\trend micro\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://trollface.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [VeriFaceManager] c:\program files (x86)\lenovo\veriface\pmanage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [0021287bebec1994ead0f87377721d44] "C:\Users\Admin\AppData\Local\Temp\google chrome.exe" ..
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [adsacquy] C:\WINDOWS\ads2.exe
O4 - HKCU\..\Run: [0021287bebec1994ead0f87377721d44] "C:\Users\Admin\AppData\Local\Temp\google chrome.exe" ..
O4 - Startup: 0021287bebec1994ead0f87377721d44.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - AVAST Software - (no file)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8711 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 28539024
\??\C:\windows\system32\conhost.exe "-1456310056-1342833896-15693277771128000016317920704-70440455-1497734577-1012118210
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
"taskhost.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Windows\System32\igfxpers.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Windows\System32\igfxtray.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"C:\Users\Admin\AppData\Local\Temp\google chrome.exe" ..
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 3140
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1672.d818160.1577505936 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1672 "\\.\pipe\gecko-crash-server-pipe.1672" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe" --proxy-stub-channel=Flash4252.68586160.6015 --host-broker-channel=Flash4252.68586160.28751 --host-pid=4252 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe" --channel=4296.0045F514.2023881832 --proxy-stub-channel=Flash4252.68586160.6015 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll" --host-npapi-version=27 --type=renderer
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Users\Admin\Downloads\ovladace\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore1ce50c79b81aaa8.job
C:\windows\tasks\GoogleUpdateTaskMachineUA1ce50c79bac64c8.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8zco8jvh.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145, wrc@avast.com:9.0.2021.112, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-12 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-15 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-12 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-15 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-04-08 2741544]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-09-26 416024]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-09-26 167704]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-09-26 392472]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-10-19 5908928]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-10-19 9753024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"adsacquy"=C:\WINDOWS\ads2.exe []
"0021287bebec1994ead0f87377721d44"=C:\Users\Admin\AppData\Local\Temp\google chrome.exe [2015-01-22 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SystemKey"= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31 4085896]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"VeriFaceManager"=c:\program files (x86)\lenovo\veriface\pmanage.exe [2011-10-19 329056]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-04 642728]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-02-18 283160]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2011-06-15 548864]
"0021287bebec1994ead0f87377721d44"=C:\Users\Admin\AppData\Local\Temp\google chrome.exe [2015-01-22 24064]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
0021287bebec1994ead0f87377721d44.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-09-26 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2013-12-10 243200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PAexec]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-01-31 12:05:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 14:21:59 ----D---- C:\PRo
2015-01-20 14:21:57 ----D---- C:\fappro
2015-01-14 10:38:46 ----A---- C:\windows\system32\TSWbPrxy.exe
2015-01-14 10:38:46 ----A---- C:\windows\system32\profsvc.dll
2015-01-14 10:38:45 ----A---- C:\windows\SYSWOW64\nlaapi.dll
2015-01-14 10:38:45 ----A---- C:\windows\SYSWOW64\ncsi.dll
2015-01-14 10:38:45 ----A---- C:\windows\system32\nlasvc.dll
2015-01-14 10:38:45 ----A---- C:\windows\system32\drivers\mrxdav.sys
2015-01-14 10:38:30 ----A---- C:\windows\system32\ntoskrnl.exe
2015-01-14 10:38:28 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2015-01-14 10:38:28 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2015-01-14 10:38:26 ----A---- C:\windows\SYSWOW64\srclient.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\srcore.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\srclient.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\rstrui.exe
2015-01-05 20:28:36 ----D---- C:\Users\Admin\AppData\Roaming\FileZilla
2015-01-05 20:27:14 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2015-01-05 17:00:41 ----D---- C:\Program Files (x86)\GeoGebra 5.0
2015-01-03 14:42:29 ----D---- C:\Python27
2015-01-01 17:22:13 ----D---- C:\Users\Admin\AppData\Roaming\Dropbox

======List of files/folders modified in the last 1 month======

2015-01-31 12:11:32 ----D---- C:\windows\Prefetch
2015-01-31 12:11:31 ----D---- C:\windows\temp
2015-01-31 12:11:30 ----D---- C:\Program Files\trend micro
2015-01-31 12:07:12 ----SD---- C:\ProgramData\Microsoft
2015-01-31 12:07:12 ----D---- C:\ProgramData
2015-01-31 12:07:12 ----AD---- C:\windows\System32
2015-01-31 12:05:50 ----RD---- C:\Program Files (x86)
2015-01-31 12:05:15 ----D---- C:\windows\system32\config
2015-01-31 11:41:58 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-01-31 11:40:20 ----D---- C:\windows\Microsoft.NET
2015-01-31 11:37:42 ----D---- C:\ProgramData\VeriFace
2015-01-30 23:31:47 ----D---- C:\ProgramData\Origin
2015-01-30 23:14:06 ----D---- C:\Program Files (x86)\Origin
2015-01-30 17:23:43 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-01-30 15:01:14 ----SHD---- C:\System Volume Information
2015-01-29 20:23:07 ----D---- C:\ProgramData\Oracle
2015-01-29 20:10:56 ----SHD---- C:\windows\Installer
2015-01-29 20:10:55 ----D---- C:\Program Files (x86)\Common Files
2015-01-29 20:10:44 ----D---- C:\windows\SysWOW64
2015-01-29 20:10:21 ----A---- C:\windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-01-29 20:09:50 ----D---- C:\Program Files (x86)\Java
2015-01-29 16:33:23 ----D---- C:\windows\system32\catroot2
2015-01-25 21:04:08 ----D---- C:\SG Interactive
2015-01-25 13:05:39 ----D---- C:\windows\SYSWOW64\drivers
2015-01-24 22:59:19 ----D---- C:\windows\inf
2015-01-23 09:57:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 20:55:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-22 16:25:31 ----D---- C:\Program Files (x86)\PokerStars
2015-01-21 12:48:16 ----AD---- C:\Windows
2015-01-17 23:31:47 ----D---- C:\windows\debug
2015-01-15 11:02:35 ----D---- C:\windows\winsxs
2015-01-15 11:00:39 ----D---- C:\windows\system32\drivers
2015-01-14 23:02:32 ----D---- C:\windows\system32\MRT
2015-01-14 23:02:27 ----A---- C:\windows\system32\MRT.exe
2015-01-14 10:38:38 ----D---- C:\windows\system32\catroot
2015-01-06 04:36:02 ----N---- C:\windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-07-15 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-07-15 224896]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-10-19 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320]
R0 KL1;kl1; C:\windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-10-19 39008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-07-15 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-21 1041168]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-07-15 427360]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-10-19 13408]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816]
R1 kl2;kl2; C:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2012-11-10 637272]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-07-15 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-07-15 79184]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-07-15 92008]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-19 29792]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2012-07-05 10267648]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2012-07-05 368128]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-10-28 4716608]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-02-14 1581184]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2011-09-26 12309440]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-04-08 1430576]
R3 VClone;VClone; C:\windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S2 tandpl;tandpl; C:\windows\System32\drivers\tandpl.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 athur;Wireless Network Adapter Service; C:\windows\system32\DRIVERS\athurx.sys [2012-10-18 1930240]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-12-15 106536]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-12-15 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-12-15 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2012-12-10 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2012-12-10 27760]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2012-03-31 33344]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-09-26 12309440]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-01 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2010-09-30 299520]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2012-11-01 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-11-01 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-15 50344]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30 267440]
S4 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2012-07-05 239616]
S4 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-12-14 953632]
S4 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-10-22 277024]
S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-22 114800]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-01-30 1910128]
S4 PAExec;PAExec; C:\windows\PAExec.exe [2014-12-09 190464]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

-----------------EOF-----------------

[Rudy]

Zdravím!
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[jajaja28]

Děkuji za pomáhání, zde je log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 31.1.2015
Čas skenování: 12:53:18
Protokol: log.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.01.31.02
Databáze rootkitů: v2015.01.14.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Admin

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 364417
Uplynulý čas: 28 min, 9 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 1
Backdoor.NJBot.MSIL, C:\Users\Admin\AppData\Local\Temp\google chrome.exe, 676, , [27c736c76a1f0c2afaf05d3614f17a86]

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 11
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [ae4038c593f61b1b3ff439c560a27c84],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [ae4038c593f61b1b3ff439c560a27c84],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [ae4038c593f61b1b3ff439c560a27c84],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [ae4038c593f61b1b3ff439c560a27c84],
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST, , [747a42bbc9c0f54111c18583bb4a5ea2],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhfcbmlocifngpbjdpgnkbjmgkadkjpp, , [1ad457a67514c3734deab008fa097c84],
PUP.Optional.Hosts.A, HKLM\SOFTWARE\WOW6432NODE\HOSTS\INSTALLER, , [cc229e5f02878caa3806dde716ed34cc],
PUP.Optional.PrivitizeTB.A, HKLM\SOFTWARE\WOW6432NODE\INDUSTRIYA\privitize, , [07e79a63e4a592a421136652877ccb35],
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST, , [42ac3fbedbae4ee813bfcd3bc73e8a76],
PUP.Optional.Hosts, HKU\S-1-5-21-3453699966-3502188858-2010820046-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HOSTS, , [e806cf2e8504d363b8f646558281a858],
PUP.Optional.PrivitizeTB.A, HKU\S-1-5-21-3453699966-3502188858-2010820046-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INDUSTRIYA\privitize, , [af3ff8050683f73f082d496f8a7944bc],

Hodnoty registru: 7
Backdoor.NJBot.MSIL, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|0021287bebec1994ead0f87377721d44, "C:\Users\Admin\AppData\Local\Temp\google chrome.exe" .., , [27c736c76a1f0c2afaf05d3614f17a86]
Backdoor.NJBot.MSIL, HKU\S-1-5-21-3453699966-3502188858-2010820046-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|0021287bebec1994ead0f87377721d44, "C:\Users\Admin\AppData\Local\Temp\google chrome.exe" .., , [27c736c76a1f0c2afaf05d3614f17a86]
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, nnlomafmkpiclmaaekkhpoecnclldmaa;file://C:\Users\Admin\AppData\Local\hosts\Chrome\35382.xml, , [747a42bbc9c0f54111c18583bb4a5ea2]
PUP.Optional.Hosts.A, HKLM\SOFTWARE\WOW6432NODE\HOSTS\INSTALLER|BundledIe, 1, , [cc229e5f02878caa3806dde716ed34cc]
PUM.Chrome.EXTPOL, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME\EXTENSIONINSTALLFORCELIST|1, nnlomafmkpiclmaaekkhpoecnclldmaa;file://C:\Users\Admin\AppData\Local\hosts\Chrome\35382.xml, , [42ac3fbedbae4ee813bfcd3bc73e8a76]
PUP.Optional.Hosts, HKU\S-1-5-21-3453699966-3502188858-2010820046-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HOSTS|BhoRunningVersion, 153, , [e806cf2e8504d363b8f646558281a858]
Trojan.Downloader, HKU\S-1-5-21-3453699966-3502188858-2010820046-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|adsacquy, C:\WINDOWS\ads2.exe, , [a04e59a45a2fdc5ae7ad0fa730d421df]

Data registru: 1
Hijack.StartPage.TF, HKU\S-1-5-21-3453699966-3502188858-2010820046-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://trollface.biz, Dobré: (http://www.google.com), Špatné: (http://trollface.biz),,[db1313eac1c85dd94f8b6c3474916898]

Složky: 14
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\bitstreams, , [db134ab3ee9bcf677f7b4ff96c97ca36],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\icons, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\icons\actions, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\api, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\app, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\popupResource, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0, , [e70765987118f640058edf6fca39e41c],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0, , [f2fc1fde3059e25409041b34709333cd],

Soubory: 61
Backdoor.NJBot.MSIL, C:\Users\Admin\AppData\Local\Temp\google chrome.exe, , [27c736c76a1f0c2afaf05d3614f17a86],
Trojan.MSIL.GenX, C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0021287bebec1994ead0f87377721d44.exe, , [48a635c8d6b3aa8cd4432bf6f40d13ed],
PUP.Optional.OpenCandy, C:\Users\Admin\Downloads\CheatEngine61.exe, , [aa4422db1178e254fa8ff2e944be718f],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\diablo130302.cl, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\diakgcn121016.cl, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\libcurl-4.dll, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\libeay32.dll, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\libidn-11.dll, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\librtmp.dll, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\libssh2.dll, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\mncxieqx.exe, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\phatk121016.cl, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\poclbm130302.cl, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\scrypt130511.cl, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\ssleay32.dll, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\zlib1.dll, , [db134ab3ee9bcf677f7b4ff96c97ca36],
Trojan.Agent.BCM, C:\Windows\inf\mncxieqx\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [db134ab3ee9bcf677f7b4ff96c97ca36],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\background.html, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\crossriderManifest.json, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\manifest.json, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\popup.html, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\icons\icon128.png, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\icons\icon16.png, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\icons\icon48.png, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\icons\actions\1.png, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\background.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\api\chrome.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\api\cookie.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\api\message.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\app\background.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\app\extension.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\app_api.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\async_api.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\bg_app_api.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\cookie_store.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\crossriderAPI.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\data_store.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\delegate.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\events.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\installer.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\logging.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\onBGDocumentLoad.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\reports.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\util.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\xhr.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\popupResource\newPopup.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\popupResource\popup.js, , [6985926b0c7d82b4d091b6930003639d],
PUP.Optional.CrossRider.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0\3, , [e70765987118f640058edf6fca39e41c],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\appCntrl.js, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\bg.html, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\bg.js, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\CrmAdpt.dll, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\ct.js, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\CTB.dll, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\dpk.js, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\hprtkMsg.htm, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\hprtkMsg.js, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\json2.min.js, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\logo.png, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\manifest.json, , [f2fc1fde3059e25409041b34709333cd],
PUP.Optional.PrivitizeTB.A, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\extensions\dhfcbmlocifngpbjdpgnkbjmgkadkjpp\1.0_0\pref.json, , [f2fc1fde3059e25409041b34709333cd],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

[Rudy]

Vše, co MBAM nalezl, smažte. Pak spusťte ještě tuto utilitu:

Stáhněte AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve >Scan< a potom na >Clean< (smazat)
Proběhne skenováni a pak se objeví log, který sem vložte.

[jajaja28]

# AdwCleaner v4.109 - Report created 31/01/2015 at 16:14:41
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\LSHunter.TV
Folder Deleted : C:\Users\Admin\AppData\Roaming\DownLite
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSHunter.TV
File Deleted : C:\windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****

Task Deleted : Go for FilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\0021287bebec1994ead0f87377721d44
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 cs)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [989 octets] - [01/09/2013 11:26:11]
AdwCleaner[R1].txt - [3309 octets] - [31/01/2015 16:11:50]
AdwCleaner[S0].txt - [1051 octets] - [01/09/2013 11:26:46]
AdwCleaner[S1].txt - [3214 octets] - [31/01/2015 16:14:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3274 octets] ##########

[Rudy]

Dejte nový log RSIT.

[jajaja28]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2015-01-31 17:36:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 68 GB (10%) free of 670 GB
Total RAM: 4040 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:36:06, on 31.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrvPXDiscrete.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [VeriFaceManager] c:\program files (x86)\lenovo\veriface\pmanage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - AVAST Software - (no file)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8440 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 2150304
\??\C:\windows\system32\conhost.exe "684144279-15425386601042318573873274980968950772-378605750968913813891714734
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\windows\system32\wbem\unsecapp.exe -Embedding
WLIDSvcM.exe 2700
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrvPXDiscrete.exe" -h
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Users\Admin\Downloads\ovladace\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore1ce50c79b81aaa8.job
C:\windows\tasks\GoogleUpdateTaskMachineUA1ce50c79bac64c8.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8zco8jvh.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145, wrc@avast.com:9.0.2021.112, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-12 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-15 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-12 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-15 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-04-08 2741544]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-09-26 416024]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-09-26 167704]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-09-26 392472]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-10-19 5908928]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-10-19 9753024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SystemKey"= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31 4085896]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"VeriFaceManager"=c:\program files (x86)\lenovo\veriface\pmanage.exe [2011-10-19 329056]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-04 642728]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-02-18 283160]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2011-06-15 548864]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-09-26 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2013-12-10 243200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PAexec]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-01-31 12:52:39 ----A---- C:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-31 12:52:11 ----A---- C:\windows\system32\drivers\mwac.sys
2015-01-31 12:52:11 ----A---- C:\windows\system32\drivers\mbamchameleon.sys
2015-01-31 12:52:10 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 12:05:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 14:21:59 ----D---- C:\PRo
2015-01-20 14:21:57 ----D---- C:\fappro
2015-01-14 10:38:46 ----A---- C:\windows\system32\TSWbPrxy.exe
2015-01-14 10:38:46 ----A---- C:\windows\system32\profsvc.dll
2015-01-14 10:38:45 ----A---- C:\windows\SYSWOW64\nlaapi.dll
2015-01-14 10:38:45 ----A---- C:\windows\SYSWOW64\ncsi.dll
2015-01-14 10:38:45 ----A---- C:\windows\system32\nlasvc.dll
2015-01-14 10:38:45 ----A---- C:\windows\system32\drivers\mrxdav.sys
2015-01-14 10:38:30 ----A---- C:\windows\system32\ntoskrnl.exe
2015-01-14 10:38:28 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2015-01-14 10:38:28 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2015-01-14 10:38:26 ----A---- C:\windows\SYSWOW64\srclient.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\srcore.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\srclient.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\rstrui.exe
2015-01-05 20:28:36 ----D---- C:\Users\Admin\AppData\Roaming\FileZilla
2015-01-05 20:27:14 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2015-01-05 17:00:41 ----D---- C:\Program Files (x86)\GeoGebra 5.0
2015-01-03 14:42:29 ----D---- C:\Python27
2015-01-01 17:22:13 ----D---- C:\Users\Admin\AppData\Roaming\Dropbox

======List of files/folders modified in the last 1 month======

2015-01-31 17:36:05 ----D---- C:\windows\temp
2015-01-31 17:36:05 ----D---- C:\Program Files\trend micro
2015-01-31 16:32:59 ----D---- C:\windows\system32\config
2015-01-31 16:24:16 ----AD---- C:\windows\System32
2015-01-31 16:24:16 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-01-31 16:19:53 ----D---- C:\ProgramData\VeriFace
2015-01-31 16:19:50 ----D---- C:\windows\Microsoft.NET
2015-01-31 16:19:31 ----D---- C:\windows\Prefetch
2015-01-31 16:15:46 ----AD---- C:\Windows
2015-01-31 16:15:36 ----D---- C:\windows\system32\drivers
2015-01-31 16:15:36 ----D---- C:\windows\inf
2015-01-31 16:14:43 ----D---- C:\AdwCleaner
2015-01-31 16:14:41 ----RD---- C:\Program Files (x86)
2015-01-31 12:52:20 ----D---- C:\ProgramData\Malwarebytes
2015-01-31 12:52:19 ----D---- C:\Users\Admin\AppData\Roaming\Malwarebytes
2015-01-31 12:07:12 ----SD---- C:\ProgramData\Microsoft
2015-01-31 12:07:12 ----D---- C:\ProgramData
2015-01-30 23:31:47 ----D---- C:\ProgramData\Origin
2015-01-30 23:14:06 ----D---- C:\Program Files (x86)\Origin
2015-01-30 17:23:43 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-01-30 15:01:14 ----SHD---- C:\System Volume Information
2015-01-29 20:23:07 ----D---- C:\ProgramData\Oracle
2015-01-29 20:10:56 ----SHD---- C:\windows\Installer
2015-01-29 20:10:55 ----D---- C:\Program Files (x86)\Common Files
2015-01-29 20:10:44 ----D---- C:\windows\SysWOW64
2015-01-29 20:10:21 ----A---- C:\windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-01-29 20:09:50 ----D---- C:\Program Files (x86)\Java
2015-01-29 16:33:23 ----D---- C:\windows\system32\catroot2
2015-01-25 21:04:08 ----D---- C:\SG Interactive
2015-01-25 13:05:39 ----D---- C:\windows\SYSWOW64\drivers
2015-01-23 09:57:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 20:55:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-22 16:25:31 ----D---- C:\Program Files (x86)\PokerStars
2015-01-17 23:31:47 ----D---- C:\windows\debug
2015-01-15 11:02:35 ----D---- C:\windows\winsxs
2015-01-14 23:08:07 ----D---- C:\windows\system32\MRT
2015-01-14 23:02:27 ----A---- C:\windows\system32\MRT.exe
2015-01-14 10:38:38 ----D---- C:\windows\system32\catroot
2015-01-06 04:36:02 ----N---- C:\windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-07-15 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-07-15 224896]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-10-19 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320]
R0 KL1;kl1; C:\windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-10-19 39008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-07-15 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-21 1041168]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-07-15 427360]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-10-19 13408]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816]
R1 kl2;kl2; C:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2012-11-10 637272]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-07-15 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-07-15 79184]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-07-15 92008]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-19 29792]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2012-07-05 10267648]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2012-07-05 368128]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-10-28 4716608]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-02-14 1581184]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2011-09-26 12309440]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [2015-01-31 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2014-11-21 63704]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-04-08 1430576]
R3 VClone;VClone; C:\windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S2 tandpl;tandpl; C:\windows\System32\drivers\tandpl.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 athur;Wireless Network Adapter Service; C:\windows\system32\DRIVERS\athurx.sys [2012-10-18 1930240]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-12-15 106536]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-12-15 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-12-15 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2012-12-10 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2012-12-10 27760]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2012-03-31 33344]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-09-26 12309440]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-01 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2010-09-30 299520]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2012-11-01 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-11-01 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-15 50344]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30 267440]
S4 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2012-07-05 239616]
S4 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-12-14 953632]
S4 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-10-22 277024]
S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-22 114800]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-01-30 1910128]
S4 PAExec;PAExec; C:\windows\PAExec.exe [2014-12-09 190464]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

-----------------EOF-----------------

[Rudy]

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\windows\tasks\GoogleUpdateTaskMachineCore1ce50c79b81aaa8.job
C:\windows\tasks\GoogleUpdateTaskMachineUA1ce50c79bac64c8.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.

[jajaja28]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2015-01-31 18:11:44
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 69 GB (10%) free of 670 GB
Total RAM: 4040 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:59, on 31.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [VeriFaceManager] c:\program files (x86)\lenovo\veriface\pmanage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - AVAST Software - (no file)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8256 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 3468512
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\windows\system32\conhost.exe "-701687139-4848382741192847311-1328750114-1037273709-998285701-1451702111-1302702148
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
taskeng.exe {2AA79A81-27D4-44F8-AA3D-9089F9C64799}
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
taskeng.exe {FA0E3C79-0BE2-4B35-BEDB-7D3D7585917E}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
taskeng.exe {F4C8D02E-C1FE-43F3-9756-860F68073878}
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\sppsvc.exe
"C:\Windows\System32\igfxpers.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 3888
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
wmiadap.exe /F /T /R
C:\windows\system32\wbem\wmiprvse.exe
"C:\Users\Admin\Downloads\ovladace\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8zco8jvh.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145, wrc@avast.com:9.0.2021.112, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.11]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-12 553384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-07-15 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-12 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-15 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-04-08 2741544]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-09-26 416024]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-09-26 167704]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-09-26 392472]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2011-10-19 5908928]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2011-10-19 9753024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SystemKey"= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-07-31 4085896]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"VeriFaceManager"=c:\program files (x86)\lenovo\veriface\pmanage.exe [2011-10-19 329056]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-13 222504]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-04 642728]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-02-18 283160]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"331BigDog"=C:\Program Files (x86)\USB Camera\VM331_STI.EXE [2011-06-15 548864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-09-26 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2013-12-10 243200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PAexec]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-01-31 18:04:52 ----D---- C:\_OTM
2015-01-31 12:52:39 ----A---- C:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-31 12:52:11 ----A---- C:\windows\system32\drivers\mwac.sys
2015-01-31 12:52:11 ----A---- C:\windows\system32\drivers\mbamchameleon.sys
2015-01-31 12:52:10 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-31 12:05:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-20 14:21:59 ----D---- C:\PRo
2015-01-20 14:21:57 ----D---- C:\fappro
2015-01-14 10:38:46 ----A---- C:\windows\system32\TSWbPrxy.exe
2015-01-14 10:38:46 ----A---- C:\windows\system32\profsvc.dll
2015-01-14 10:38:45 ----A---- C:\windows\SYSWOW64\nlaapi.dll
2015-01-14 10:38:45 ----A---- C:\windows\SYSWOW64\ncsi.dll
2015-01-14 10:38:45 ----A---- C:\windows\system32\nlasvc.dll
2015-01-14 10:38:45 ----A---- C:\windows\system32\drivers\mrxdav.sys
2015-01-14 10:38:30 ----A---- C:\windows\system32\ntoskrnl.exe
2015-01-14 10:38:28 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2015-01-14 10:38:28 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2015-01-14 10:38:26 ----A---- C:\windows\SYSWOW64\srclient.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\srcore.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\srclient.dll
2015-01-14 10:38:26 ----A---- C:\windows\system32\rstrui.exe
2015-01-05 20:28:36 ----D---- C:\Users\Admin\AppData\Roaming\FileZilla
2015-01-05 20:27:14 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2015-01-05 17:00:41 ----D---- C:\Program Files (x86)\GeoGebra 5.0
2015-01-03 14:42:29 ----D---- C:\Python27
2015-01-01 17:22:13 ----D---- C:\Users\Admin\AppData\Roaming\Dropbox

======List of files/folders modified in the last 1 month======

2015-01-31 18:11:57 ----D---- C:\Program Files\trend micro
2015-01-31 18:11:48 ----D---- C:\windows\temp
2015-01-31 18:10:24 ----D---- C:\ProgramData\VeriFace
2015-01-31 18:10:14 ----D---- C:\windows\Microsoft.NET
2015-01-31 18:10:01 ----D---- C:\windows\system32\config
2015-01-31 18:05:07 ----AD---- C:\Windows
2015-01-31 18:04:52 ----D---- C:\windows\Tasks
2015-01-31 16:24:16 ----AD---- C:\windows\System32
2015-01-31 16:24:16 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-01-31 16:19:31 ----D---- C:\windows\Prefetch
2015-01-31 16:15:36 ----D---- C:\windows\system32\drivers
2015-01-31 16:15:36 ----D---- C:\windows\inf
2015-01-31 16:14:43 ----D---- C:\AdwCleaner
2015-01-31 16:14:41 ----RD---- C:\Program Files (x86)
2015-01-31 12:52:20 ----D---- C:\ProgramData\Malwarebytes
2015-01-31 12:52:19 ----D---- C:\Users\Admin\AppData\Roaming\Malwarebytes
2015-01-31 12:07:12 ----SD---- C:\ProgramData\Microsoft
2015-01-31 12:07:12 ----D---- C:\ProgramData
2015-01-30 23:31:47 ----D---- C:\ProgramData\Origin
2015-01-30 23:14:06 ----D---- C:\Program Files (x86)\Origin
2015-01-30 17:23:43 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-01-30 15:01:14 ----SHD---- C:\System Volume Information
2015-01-29 20:23:07 ----D---- C:\ProgramData\Oracle
2015-01-29 20:10:56 ----SHD---- C:\windows\Installer
2015-01-29 20:10:55 ----D---- C:\Program Files (x86)\Common Files
2015-01-29 20:10:44 ----D---- C:\windows\SysWOW64
2015-01-29 20:10:21 ----A---- C:\windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-01-29 20:09:50 ----D---- C:\Program Files (x86)\Java
2015-01-29 16:33:23 ----D---- C:\windows\system32\catroot2
2015-01-25 21:04:08 ----D---- C:\SG Interactive
2015-01-25 13:05:39 ----D---- C:\windows\SYSWOW64\drivers
2015-01-23 09:57:57 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-22 20:55:02 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-22 16:25:31 ----D---- C:\Program Files (x86)\PokerStars
2015-01-17 23:31:47 ----D---- C:\windows\debug
2015-01-15 11:02:35 ----D---- C:\windows\winsxs
2015-01-14 23:08:07 ----D---- C:\windows\system32\MRT
2015-01-14 23:02:27 ----A---- C:\windows\system32\MRT.exe
2015-01-14 10:38:38 ----D---- C:\windows\system32\catroot
2015-01-06 04:36:02 ----N---- C:\windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-07-15 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-07-15 224896]
R0 fbfmon;fbfmon; C:\windows\system32\drivers\fbfmon.sys [2011-10-19 57952]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320]
R0 KL1;kl1; C:\windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-10-19 39008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-07-15 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-11-21 1041168]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-07-15 427360]
R1 BPntDrv;BPntDrv; C:\windows\system32\drivers\BPntDrv.sys [2011-10-19 13408]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2010-12-16 40816]
R1 kl2;kl2; C:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\windows\system32\DRIVERS\klif.sys [2012-11-10 637272]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-07-15 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-07-15 79184]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-07-15 92008]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-19 29792]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2012-07-05 10267648]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2012-07-05 368128]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-10-28 4716608]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2011-02-14 1581184]
R3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 intelkmd;intelkmd; C:\windows\system32\DRIVERS\igdpmd64.sys [2011-09-26 12309440]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [2015-01-31 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2014-11-21 63704]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-04-08 1430576]
R3 VClone;VClone; C:\windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S2 tandpl;tandpl; C:\windows\System32\drivers\tandpl.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 athur;Wireless Network Adapter Service; C:\windows\system32\DRIVERS\athurx.sys [2012-10-18 1930240]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-12-15 106536]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-12-15 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-12-15 21416]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleX64;EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2012-12-10 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2012-12-10 27760]
S3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2012-03-31 33344]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-09-26 12309440]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-01 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUVStor.sys [2010-09-30 299520]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2012-11-01 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-11-01 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-07-15 50344]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30 267440]
S4 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2012-07-05 239616]
S4 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2010-12-14 953632]
S4 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2012-10-22 277024]
S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-22 114800]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-01-30 1910128]
S4 PAExec;PAExec; C:\windows\PAExec.exe [2014-12-09 190464]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

-----------------EOF-----------------

[Rudy]

Smazáno. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC. Nastala nějaká změna?

[jajaja28]

Ano, háčky a čárky se píší normálně, děkuji mnohokrát!

[Rudy]

Toto způsobuje keylogger. Pokud jste ho v PC neměl vědomě, pak jste si ho odněkud nevědomky stáhl a někdo mohl sledovat na dálku třeba zadávání hesel. Nemáte zač!