prosil by som o kontrolu dakujem

Zpráva

luko · #1 Příspěvek od **luko** » 13 úno 2015 21:13

Logfile of random's system information tool 1.10 (written by random/random)
Run by Alex at 2015-02-13 21:11:54
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 43 GB (46%) free of 95 GB
Total RAM: 3967 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:11:57, on 13. 2. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
C:\Program Files (x86)\JoyToKey\JoyToKey.exe
C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-10.exe
C:\Program Files\trend micro\Alex.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... 3_F86D7115
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://terra.im/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... 3_F86D7115
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... 3_F86D7115
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BS Player ControlBar B - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
O3 - Toolbar: BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [miner] "C:\Users\Alex\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\Alex\AppData\Roaming\miner\start.bat"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2086334020-214299838-3944995583-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2086334020-214299838-3944995583-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MONITO~1.LNK = ?
O4 - Startup: Sledovat výstrahy inkoustu - HP Photosmart 5510d series (Síť).lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Toolbar Service (TBSrv) - ClientConnect Ltd. - C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10708 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe"
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\WindowsMobile\wmdcBase.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"taskhost.exe"
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {208F9C5B-7A9C-45AC-A3BB-E30C1844DBFF}
taskeng.exe {7CD68E6F-6CF9-4F12-B632-98EFFEDBEB11}
"C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe" /Task
"C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-1-6.exe" /rawdata=UHsZatL6BqZ2azLvLG+08i7sA+FfCxBbWVFgT/v010eiGPRLWU4PgGC0ZUNB0tH8cC6IyZ//oBZf7SUlJpdiz8J2tFrPuBXTLehkGZpjfMCvEluxbamyoDSt2ReYwaZewWvNaw2oESVPHYMjoDSj5kgRtSkpbu9qiQJZtnqsovJyrxPn9cEd4no/x4MpoyOEb0zl3OZzKyO00fMytbO2glWabp1P9cQTv0eziwecaY40EaY+b1lgNdJhvJdttnPXlg+4uYGc8SQnJjCqHSq1mHr6TzVgxNOWQWbD/4ZqBNZ7z77G8ELQUPhvjiGzpVqZbkowbIdu91hfwh7DrdbXFDddqpHjb7kMd4JEeM968tOFQe2DPpDyLz9GdiTv5VmDV8rdYqi4prG6kbtmOPMBEYpm52aKFtyKaeq9jxSUh5btdsuDp2wI4jKijKwgEXnxnWt6SpLPrJkBgZDaDDVNX3RVoT/DZFINviFC1uRuIDCpffr4dnwJZZY2sYLsybh4n6aJenAhf46m3jcClEmmL0+pNlv8MP2qEczUrvZhVtAvNISJnxwCtuBGYqHTNADlHbGnNVlJjImrlMigh4wZKXSyO7kJjNBduWta0lEvJsdQUzyMCxfDRBpdCyEFTRzOnwEg7sqL4aDOS4PI1MVOykWyqkzVQslZk3UZGjXrx718czw8hrEkOcDxrhZUKAVIVGKcMoI+oIqLvbVnXopav0YKnFkpnj8jzmCY9SrQzsZnEnWbhOzsFVqswadRLvN4355uL9JVKTfQf05MJ2LuzWwOogD5eUNVhXjZwGu6um+da0l+njeU15g8M8vsKKxbn/vbY84Tl6d1MEd6m9Xdj4HCG1UD1MvfzEuzO8pUGNl0DT/1PDedzqCExqPnxuOSqPnYFzbVm4k4fDEPfcUGpYO+RDu4AM/lnobEbx/hiO/PoNJwmtM3nWflto6riVtbqpCyxY8R/jOZ05z59vGBkXIxxMUXWX1s1gMjhCVY7jtgReigcVs9WR07c3rnHofsAO5zMIYX0XS0K1c5lK8oFWpRGgvBfGiIt9fR095DTrDDrtOCE984M/keS9fPvbyZoNSpXUtGtiZgYv4clQB6p82lNKwywikgPakkn6lw8t9TuXJJ4c/c+FTNFwYm0DVsw2Ay24yIW8GX4KUJ5cmeF/LL/9eyjbecYaOgpu2D+B2yEhnIx75ukiL9eQlG87glzHMc3nxp7UqOgmk7Q7WGsPq0TCporhWbulwO4bKt8u78cE2Ds56de6FrNqq03EO7nXwPMVGlifjyYsNkwbouw9Tj5WHWtfOJ0jrJ998hGW7IC55lo+EzS1BSjgnablSQ8PcDvIMW8N9Y3u1r64YeyQ==
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
ngservice.exe pipeserver
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"

"C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe" /SkipUac
"C:\Windows\system32\wuauclt.exe"
"taskhost.exe"
"C:\Program Files (x86)\JoyToKey\JoyToKey.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-10.exe" /rawdata=ZbLC9mY/X8mjkd5SExgq4wnCwJhOSYA9/9fDdxyg2arX6VeULmxQ+0RXPksMCYUdc5lM7N5vsYRO42ZeKZLsBuyWuvGHtjPeiECzk9SvCIicgdX7eD6QbK6aJ+4g0nTieQMdPWUN+Jeev4UFWTQ+p0mBUEMN53RdGB0OfTOr+Lc6Qgu9x4fgI9OZgcKwnaatnMcziQGxK8tAyqUkBH+XQc+OXeYPI4ow5YX+n8EKfiUNVCgrZvljYvPUxeAZnuGhufKkhewgTMTJZI4D0QBqka5zj2YLw9buIFvsGX3qSxCMWlWWh/GwAQmUoAI85IGc81kOnOLfwt3ClhgVg+/DrEr/oBnkavuWrEOK14cdYk6obTbFuq0LanPTwmll/QRN8WENVjpIK0fNl0ldXqr1mSY6hpc68BwHCoh/BfkUzu1JDWFFRBsKZcIIdJMgTFCe8M+nxfgGRVbCFw0bkaBspezDoLAR0hiCZmRlt6PvtHtBYFsWKnO+1EyCklphl3D6jG90YfRzJMnbPj9D2h8UQ7XwBJ1XDu/AnAP1BYyQ/rXciY7Uo1YaDvkiZJifcDp1hBAs8os7Rr6yLRo6ZJ5pdK1CzViWLQcqb7qM/31+D+rQBRVrVkFtrRUc0mgo6KXWFZmoBgRTYOQONU+b9D9Jj7TrpIUQ8ofYhvKI8R0+hqQceKADfIkgvl2r6RghqrtUvG+JJZaHRPw/tHYDAi8R5qNhKH4dxCWQCknAWz7IRC2rbGiSmIuxKzqtMErINxLXUOn02j9QyH+libIF0UYBiFFnNN8HDcM6TdEGHMHg2RUq0CfZncJhdygK2LO8KTxf+xSRfxnDQwOKZlnGErcCKA==
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Alex\Downloads\RSITx64 (1).exe"

======Scheduled tasks folder======

C:\Windows\tasks\0214dUpdateInfo.job - C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe /SETINFO /CMPID=0214d /INFORETRY=3
C:\Windows\tasks\927b1222-e48d-4dcc-aafd-ef472139fb07-1-6.job - C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-1-6.exe /rawdata=UHsZatL6BqZ2azLvLG+08i7sA+FfCxBbWVFgT/v010eiGPRLWU4PgGC0ZUNB0tH8cC6IyZ//oBZf7SUlJpdiz8J2tFrPuBXTLehkGZpjfMCvEluxbamyoDSt2ReYwaZewWvNaw2oESVPHYMjoDSj5kgRtSkpbu9qiQJZtnqsovJyrxPn9cEd4no/x4MpoyOEb0zl3OZzKyO00fMytbO2glWabp1P9cQTv0eziwecaY40EaY+b1lgNdJhvJdttnPXlg+4uYGc8SQnJjCqHSq1mHr6TzVgxNOWQWbD/4ZqBNZ7z77G8ELQUPhvjiGzpVqZbkowbIdu91hfwh7DrdbXFDddqpHjb7kMd4JEeM968tOFQe2DPpDyLz9GdiTv5VmDV8rdYqi4prG6kbtmOPMBEYpm52aKFtyKaeq9jxSUh5btdsuDp2wI4jKijKwgEXnxnWt6SpLPrJkBgZDaDDVNX3RVoT/DZFINviFC1uRuIDCpffr4dnwJZZY2sYLsybh4n6aJenAhf46m3jcClEmmL0+pNlv8MP2qEczUrvZhVtAvNISJnxwCtuBGYqHTNADlHbGnNVlJjImrlMigh4wZKXSyO7kJjNBduWta0lEvJsdQUzyMCxfDRBpdCyEFTRzOnwEg7sqL4aDOS4PI1MVOykWyqkzVQslZk3UZGjXrx718czw8hrEkOcDxrhZUKAVIVGKcMoI+oIqLvbVnXopav0YKnFkpnj8jzmCY9SrQzsZnEnWbhOzsFVqswadRLvN4355uL9JVKTfQf05MJ2LuzWwOogD5eUNVhXjZwGu6um+da0l+njeU15g8M8vsKKxbn/vbY84Tl6d1MEd6m9Xdj4HCG1UD1MvfzEuzO8pUGNl0DT/1PDedzqCExqPnxuOSqPnYFzbVm4k4fDEPfcUGpYO+RDu4AM/lnobEbx/hiO/PoNJwmtM3nWflto6riVtbqpCyxY8R/jOZ05z59vGBkXIxxMUXWX1s1gMjhCVY7jtgReigcVs9WR07c3rnHofsAO5zMIYX0XS0K1c5lK8oFWpRGgvBfGiIt9fR095DTrDDrtOCE984M/keS9fPvbyZoNSpXUtGtiZgYv4clQB6p82lNKwywikgPakkn6lw8t9TuXJJ4c/c+FTNFwYm0DVsw2Ay24yIW8GX4KUJ5cmeF/LL/9eyjbecYaOgpu2D+B2yEhnIx75ukiL9eQlG87glzHMc3nxp7UqOgmk7Q7WGsPq0TCporhWbulwO4bKt8u78cE2Ds56de6FrNqq03EO7nXwPMVGlifjyYsNkwbouw9Tj5WHWtfOJ0jrJ998hGW7IC55lo+EzS1BSjgnablSQ8PcDvIMW8N9Y3u1r64YeyQ==
C:\Windows\tasks\927b1222-e48d-4dcc-aafd-ef472139fb07-1-7.job - C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-1-7.exe /rawdata=P7VDwcTccut15+IQodx7B4Mnq9nTcmQ7pT8svNJIAc9R3qSos88Er+m0Zz79jI24Q2Ua8Wak/rhuZUQQil6pin5tg6S0GdDO1T2p/ApghQdhg5Rbcb9fiX+loMJVAnCX1Tm5JLac3IC3zbVTn2hX6pN+Zqp6hoOhmrJ4Hh5mZjY+F1+NsHKliJQohwQDmgYNaWIS6HWR0/jfe5q3xVrILuAtNz3p9s3DDMnVFdojgyilYtIbaLQurml7rGywhzrHeTK5SqH+JHF1wY15Amh0me0mOuI6yBWD1W8fxKAE1lsUuvaOtvWorO4mF8Q2rI73FlgnRCNh/5imY1m+7iqXpiIYNaXrJiP1jHHeSrh8VDAOBSXXAHka0+L9LfVj/KAvpL6hUvCsr5QtNWIYWS4PNAn5LEcgtDJWTA9ZkWKffUtZOsbxA4Pis2a70g15vXATJMbVmygrR1O9hlYinYHEHXDcWaayZgH/LwDJXy/CuH+UKtVvb5KMzLeOcqCPY6QzQij3yzQKY0RSNbrty33+ErVZLZTcKJKvHkaMKdcStBQxUUhOnT5dOHnRQwlUgUfp65GS2agMG6i++g5Rw0Mv5E/mqbLgqh5xCZrrExPjXkPC64pAlmmJD2iDD+jQuODuYexyAhS8oYpsI3+V/bIFktWBTIbAlbyU0rK32iclCO5Z+Zb607V/YJfW6n1DxavPt06GPBU3+DOiu/fDcFpYmR8F9w4QrlFD48SAmw4L/eAub4yT/Q0hgfe6YT0m0AZ/NBulxcXvSx6PHUirJ5hdy/wFsjwqiA8N0CUDGY8A9e9IBEBUaR8cYgpr7djO2/YRxGPZrU3KmdzCuPvCh6yZp4/OMiM1y4mD0JobgVD1+DQLOUK/VrbPb3M4vAF0fNL8rQ30WEBFD9sHOTTvTkjEjWEg09PoHk2gH6NVPEpzn7eF7tuYob8LHkWZFd65eivvV7/PkN0M7QTdGASV320ryf4iNHW9INt5miC1TIuAEwbH5nUwhz2Rvxf84nBGl6mnbimiDJaKRDOoH4Q9OsnVuCn5gkBID/eE4FBHGrZfiCZu70rr00pxS9NNh04fowVdVU153dJWVwIAop/0iA8joAcqSd+DVTug0Dk15ZnynDMZqYk/V2/XCh+xLh/HQQUg7hGCDsZ7+2UOCkJmmcABWKz1YqYd5HRaCpsTjoslam+ZOoFG0/X0pN3Cv42rVVKjY4fhccaQ9FCRqslzQQvf14LKdc14DrfiZweFEs1QVqHuwCx1Y+PxG4ylcJ5nCW0omFbEt6heD8MzeiBH1gNmAad169dRhhZyCY0gtCw6CLdlIkPzoVAjfELdP5Xo83cGg0KZtEy9iMkrcsMVIG14CkbVi6NM6hqloWSrK7KXXZpkvN773kaq5UPKS8eeD4GkrXZGPRCtAFl4x11XhNoJ9eS4PGCg3sd6B6C9aqw1xUP+NE1FD/4bGRpQU3PIfpJ/NxvgIjGbAOXwAYGzzGguCepmK2egxcakdhwknnkUGAQmv3ruI0mH4vWMLbdmTDAL
C:\Windows\tasks\927b1222-e48d-4dcc-aafd-ef472139fb07-10_user.job - C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-10.exe /rawdata=ZbLC9mY/X8mjkd5SExgq4wnCwJhOSYA9/9fDdxyg2arX6VeULmxQ+0RXPksMCYUdc5lM7N5vsYRO42ZeKZLsBuyWuvGHtjPeiECzk9SvCIicgdX7eD6QbK6aJ+4g0nTieQMdPWUN+Jeev4UFWTQ+p0mBUEMN53RdGB0OfTOr+Lc6Qgu9x4fgI9OZgcKwnaatnMcziQGxK8tAyqUkBH+XQc+OXeYPI4ow5YX+n8EKfiUNVCgrZvljYvPUxeAZnuGhufKkhewgTMTJZI4D0QBqka5zj2YLw9buIFvsGX3qSxCMWlWWh/GwAQmUoAI85IGc81kOnOLfwt3ClhgVg+/DrEr/oBnkavuWrEOK14cdYk6obTbFuq0LanPTwmll/QRN8WENVjpIK0fNl0ldXqr1mSY6hpc68BwHCoh/BfkUzu1JDWFFRBsKZcIIdJMgTFCe8M+nxfgGRVbCFw0bkaBspezDoLAR0hiCZmRlt6PvtHtBYFsWKnO+1EyCklphl3D6jG90YfRzJMnbPj9D2h8UQ7XwBJ1XDu/AnAP1BYyQ/rXciY7Uo1YaDvkiZJifcDp1hBAs8os7Rr6yLRo6ZJ5pdK1CzViWLQcqb7qM/31+D+rQBRVrVkFtrRUc0mgo6KXWFZmoBgRTYOQONU+b9D9Jj7TrpIUQ8ofYhvKI8R0+hqQceKADfIkgvl2r6RghqrtUvG+JJZaHRPw/tHYDAi8R5qNhKH4dxCWQCknAWz7IRC2rbGiSmIuxKzqtMErINxLXUOn02j9QyH+libIF0UYBiFFnNN8HDcM6TdEGHMHg2RUq0CfZncJhdygK2LO8KTxf+xSRfxnDQwOKZlnGErcCKA==
C:\Windows\tasks\927b1222-e48d-4dcc-aafd-ef472139fb07-6.job - C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-6.exe /rawdata=Az3nxnVgrKDzJR8fM2JYNkT+4ORzoNox7SXf7KZNwVJFmaY1uXIE6taCmpEGsaA2hW9IEXs86ggvbZp4QBog4qBfYu2b15l1UT5cLGY+OCpfFlfrjJ4fpx5yfZEJiJO9IjkScBu1AIAxLZtvv8Imdcw9TvWhtPg4HBhf7kbEQgWapG8W8UMVz4cHHgsKhOLNFsg/W9pCOJ7Bid3Ty91zsoqFVMoMop8iFn3kJAIaLOdYCUBgw4V5pkDgUxZ7dQ8Cqv7VlkgJm15alyVH0otctCUpvNUUt/k+FVOGRHpxn10j8RFcZnZjK0J9dFLpKk1qriauGfYqJ/mdiD74v2Rg1BLGi6Ymil4sgKj1/qB0owUqPQ0EfWowXWkqy7KJ6lyZRdeC/3jRE9Ttif5lVuTfwuH3/T2I/2HCSYn9pvjYXECFSkuxVhUyBi8KtDUV1hnL3kBoAq5FTy/bEyLWHWTvQIZeNKzIe94Yb6fsee5IBotagns1M8m4+OkRHpij7RRgC9axJp5Hxzh/c3IKUl+mSuKjrZw9NWK8yGr7CZiB1VmxX2TyqI65NpajdjAnmhxZwWEwl/VoEgu53UUBff8Bu78kNvR3pOby13AYOvo64Dp8fh6nLNcUfV+ewoQ1xatYH19R0Mqq6c1/P0fnVChY3Kre2ntDybHWd0O0IU6OoD9quhP+N7f9nmlzFA55PBDqGCtIl1h5bmmXmwMeXa2qLuXquvJdIAPfDtbdauaBxZgVuZGzryucYtxfKJXh1P+CxVMw6cEXmykjaQS9FRM5eNO8TgUJ3uGegL4AAvxbs11/SHBxZtpDpTIvuYEWKaZDTQj7LCOBmcqkbgDClDn2GG2wRduGmA6uVAcw13dcAvWmanhxmMa7QrfmEvCLL949bNmm7/5wHw/6FAEGhrjS3dKWb5NymIdwNaagr+ZVb9b4v79eQ5RoLzlJMePwLlS6CcDSMJs/Nb6kax+9U1Nq1zuAmHOhTwx5Bw1RdSVDgbK99YDXHuetO6/MrNTq7GVJsXIypdtq/M9wEv8hJnGfbj9lfcoosubdN0wSI8iG1rYVE5bvFxLn4jFi37O4BhFfRxnuJbEitszmzXgTPs2KdMWPHX7bvoS7NuL7432spsd1pHiizpuoxTvVbiFJQmWLSyx3aUPzSsAxYEEmQAHwKtFiWKWuhd4EwIvV43mhhm6uY91Qn/hlYCrq0r9JH42hxStg4tXLb7L4X7/N8M6t1vIxeWbc3nMDSs/mMm99p78MsLJI+dnl+W5U5Wfgzck0x8tbcYSN9T1rNEhwPNRnfBMxv92Mb98nq+6bO7ZYLiDkEOJEJO6PW3UyVTjtoDM175YnvxTRc7Pcml5x5z0b6D1d2vfe+Oku5PkbqtTtysq2tyig03Z1zNQdrP3PpjQ8UMKGeInE2Ejrj0kw7DLXMgGCw5qkegQleRLaERPyjDlDbgwFwKmcNolpqU6VQ4k4mJgSgNLbNZujN2lvxqqeUQdQn49FHXWZt7sZK04GqTZCyuKqSUXwRFoYQATeEyHiXb/xF6gWgFCiYSg5pEC3powjI6lNVdhRBIZHPtxdmt8U/8ecB/kL6Cpq8CVcaSl5OJFE+Jgle1ViJpJHFNFKHynghgGpWCiM88npMOmRdeHbHzXVMM0OWNjyW1W56/2rrvD6QCKKkFPVl6poeGps1t4QHy6cqb8WwNGQVdmoiEZc2gXS4EzemLpq05G/1xwCrZSvhdK79g7qjhljEkwBSsbcmaqKv7uesWTek95F444d2wm6KhK1x2O4S4ZccOSv2vIX6a3hO60ejpZXR7MJXFPm6ulZVyjEWyCEdixW2ozkZKjT8rM7Vk6vQU6FRQFrk77ZxLYvtIMW52eXiJSOO6WYSRk+Yhar12jriLk895ozgthd61QRYnDwfm37wCDQCq1lAejSMf7of7hteJ+tQ5STbkJqU52hLV0JcO8x+2m7HQihqDd/30jKdDDSOBN+VWqwdbYNILqXA8MU4LEnunKl8tZyEZhHryuiYU5/tq/XA4Pub1LfqGP2r4zPGzffkXqUme5Aa+ANAc0dYom1gxSzVQLmq05HrHvRsP6s+6s4PaTMwUCF7Rm96RsCexi9IBciWFTWACPJllU365Qjd79T8Wb1imXWw3hfFt/lqHzwvaNvyoCIK3UtenQBWJufk0QDj7TvxhdmGnXFGGpJJ3vXblgwgySn1iz0/ECQe7NiS0LpteMcks2L/ur04QGOLOj4wcrAu8YfJLPKhi+xmUVnWWOFwejp4qCXoGGUG0uNWN4kvtgkZWIAyhHhhtguEpGGv/NiSKOUWvEO2BvJelskRphdRJnkTDy9cSDl4o/NopFeTqLAdYAAdm4+mB81zq08ymye/9gPObA5orkdGwvEJc3Ha4CWudZ86vtS944yLWusqAc+XFrGUZjH1TzS9UbJ4SfzkxLu9nFxKFa3ocLEUCDwL+1t2v3Dqu4YE3VrOQEX4qZeXUcZO9hp9GkVcc/rXwTLSspnp4c5WHdNLuvYwpIEnzMLQeSUjKUF94896oz3c6aG4uFm2H4sSrvu
C:\Windows\tasks\927b1222-e48d-4dcc-aafd-ef472139fb07-7.job - C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-7.exe /rawdata=ezSOrb8Ax0DnATR3ALb+txL4JNS1KuWK0CudVUZ7Rb/1uhROEeyIUB3niYxn/PWbal/KG+KYGIiQAn2jp0ptqJPk/r1Q7nTRbA4Y5x+7rYiyKt7AoELHbGOXJa/elsRgJXgk1IV3l6Go6GI5nEUS/s4w538oMrMioQnyW4baeS6MIi2aX0zMzroNPZcci6SH6U4NWBKM0r9luKggJI5Y1lU939fESDiylnAdXPK5xMrJfC93umN3sQppZaTpHOiydwGtawGrQqMlGZFFy9TT7uX1wEOYcQsQ+aecTrN1yUGUYeVWoPOk5KhjD/mUlJC3W++kF7LurgrBuvAST64bCj6gWyHZwRX4SH+m3hfGbpv5boemITwhr57eAO1S9wQ7wG6TATPOriidMWhysrA6Gx3xvazWDSA7Tzn5AjFjwOB53EujpSYZ9XOZQo2TYHYQKREE1vmgXdcCKtqfOmVbfm9qv8dYhG+HEzkMcUo569FpWOfISDPb5aqpy5+RPjW9i9o4LC22S2Pu/rcYpTALANghsFnyNyJenoazXGxjHtjeeGU/Y8wNx1T+gdgSCIIID7ziHPuBGYvt9L4BMKj3wFiofMU/I0LstlrpI4GosURvTi0Bs09RBp+RZFpLBjsPBtMYl6gs7qi2PevvMtOyNPAwhH4epp1XhqdrbYuCA9E8aCHJwG/7q/RSZhGzCo5yK8AdSImyCgnJkIvE6BrUvfQ0lhmE3Du4dB3muQIEf4kaufjhkRDPUWCNVeALgRPgO9vRLZ49vCAebfTpNp6dpyF27RnHfbCYhRYxTnJ+B3+Ll5kjV8gDBLv88//KXJgjhIRsGc1wABhvmcqinzY1uSmCG3zduDlX57k/A6Fh8YWwj1ozN3OxfUHHGPnaokkLnIOXiIynxBCS2SbWmZPB5Oxk3PiUM2NnlHjB46ws+o7HkBDs1eiY+k0I4w5RpF/ndtIEm9ExRzY5qe4xuSqPwdaQkhUk7V5EqSM9xoqT1XWq1rt0qFRaGugacK1nYEtDBmwUhTC5QqRB3tw3jJdVP4B+bjSXaaVohL7fUCNy1PjU2ywlGY8kxsm7Cnok7zmRV9CRbGJjpQo213sP4aPtrXLo2+n1rsxbFTYMM9jY4bqf8iByXLL7tgvVNyLKhmrvdaTVoTP7ZmatVfStllA+tjYkxJs7TgDgjewcEvUkwtgeekxCHynDhZCiWEwm6ilx9WmdFGzWeJVh0E8YWR/onfCzeHSss4cDizZnsCeG8jPF6YvM7ReDzVOyYQGPgKyR/GsfQlaI0JX/CyB/+nLmnN9a9mxGp0AnGZp87SqzjpFcWHxZV5xLsClf3OE6FwvmlQE/lRJT5fP7mcyl/OUjs7cxM3mlkwcPF3LYt/PNOSr6T7W+tZkaGmXrd/Q3k0voA9imJXexuza+nFui8Imom5nG9/JkJzg9AS913sogZRvkrTkVdrma5JIWeb4kj2uXV74Vsz2UsODYrGUz0qCIsk6AbrEolsi7cYMLwgEzCFDbbC+8paPc5lJxZHDJyTHZRuoyWBeSyXxr/locMUwR4QEcrT8gBKkFUI75w9sAeC1BLIUtf6F3KZMwcPpMlxJtsWWAHDA4Kzz/19g9SvdMhIAn9+YpiJ7rrCTg+J22r+P/uFBp2Oor7bVg4E8A/i1X+eqA10cqNaDF5AMsqIcfVNebcGXr8k+hVSprPR+WKAGrj3eOcT9PzXD7asXwEM62qDvQxENc5x1V8AyKjfLzgrP7Q+45K4mar4maJuIsIUFssE0MKOBOIj8C3erj680PTtQ8weVQBAI9ITRKtogUZb2O+Cvi9C6b9KyudTkMVA1IJwxEK5VFw5VUUPaFGzvoTJhaBiJhdGPSmwvkih5cnLTeXFmF1ON+S9UlDqsi3cuS6gSxeSwyWty05ye2nOLSkD+ABD5ySNPYTDerd140LEVktZA5ItUZsn1JH05JWKVH0rusfnb70lIMZuuhoPpnKSPIjmMX7w7Z8MjX+5e/U7JNijVeSsZyMngwVtMeA3wCVZdEJe3Tp9okmsG558toxqnYDz4WIWC9GbITRR25kmHE6JVgy0LnCZWZPqzRXI6UsfOy3/l7s3r91va0J2/YzS349tCbVjVIp73EEJSUBcSXIaJVZXGYyYQbC/dMqvWYtj+DAIj7YJgAdkGhQCt5aomWszgERVS2U48YYEs+oKM4GgHaXZAIt207HaAJk1ety6B+0YB5wqvI2IjC2ZdwrFYB5hGAqZfPfdjX5A4i4E3b+fQPmW6D4GiWCfLCpH8l+nZjIIsgycWeZ33ivqsJAIoDoZNrdUUVxCye1+MjZbZiVYFDxIUA7z3dsGH0HtWTwFy1QfuyjHDcfsX/xcsFgSlYCIszSyrysLfgLTbXhJ9Ht0DIrHmDWK/8oVPZihHZTu2bv2CKq0bZWRFtbvLml0OX0SO885y1E4pZli4jMnO1n3DuulDvDGsZvabWmK0C/reEuE6vuaZ1jJIvNqj/th2TU4oPVBgZT6Sw7XUo4p0EYWs2zUiAOaQ7O5WiEYOErfg55ofqO/q4PqiO+IGq
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-13 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264a33-a653-46c4-af49-1232c59a7da5}]
BS Player ControlBar B Toolbar - C:\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30 423744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll [2014-10-06 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-13 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Surfing Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2014-10-17 669984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll [2014-10-06 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{31264a33-a653-46c4-af49-1232c59a7da5} - BS Player ControlBar B Toolbar - C:\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30 423744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-06-16 13672152]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30 1332296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"miner"=C:\Users\Alex\AppData\Roaming\miner\nircmd.exe [2013-08-11 44032]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-30 6501656]
"Advanced SystemCare 8"=C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2015-01-20 2428704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7]
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2014-10-30 6501656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost]
C:\Program Files\CyberGhost 5\CyberGhost.EXE /autostart /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\PROGRA~2\Raptr\raptrstub.exe --startup []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-12-05 343168]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24 49208]
""= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-02-13 5227112]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MONITO~1.LNK - C:\Windows\system32\RunDll32.exe
Sledovat výstrahy inkoustu - HP Photosmart 5510d series (Síť).lnk - C:\Windows\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-02-13 21:07:32 ----D---- C:\rsit
2015-02-13 21:07:32 ----D---- C:\Program Files\trend micro
2015-02-13 18:17:48 ----D---- C:\Users\Alex\AppData\Roaming\AVAST Software
2015-02-13 18:15:51 ----D---- C:\Windows\SYSWOW64\vbox
2015-02-13 18:15:50 ----D---- C:\Windows\system32\vbox
2015-02-13 18:14:58 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2015-02-13 18:14:58 ----A---- C:\Windows\system32\drivers\aswStm.sys
2015-02-13 18:14:58 ----A---- C:\Windows\system32\drivers\aswSP.sys
2015-02-13 18:14:58 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2015-02-13 18:14:58 ----A---- C:\Windows\system32\drivers\aswmonflt.sys
2015-02-13 18:14:57 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2015-02-13 18:14:57 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2015-02-13 18:14:57 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2015-02-13 18:14:55 ----A---- C:\Windows\system32\aswBoot.exe
2015-02-13 18:14:47 ----A---- C:\Windows\avastSS.scr
2015-02-13 18:13:00 ----D---- C:\Program Files\AVAST Software
2015-02-13 18:11:39 ----D---- C:\ProgramData\AVAST Software
2015-02-13 18:07:30 ----D---- C:\Program Files (x86)\Tbccint
2015-02-13 18:07:28 ----D---- C:\Users\Alex\AppData\Roaming\BSplayer Pro
2015-02-13 18:07:28 ----D---- C:\Users\Alex\AppData\Roaming\BSplayer
2015-02-13 18:07:28 ----D---- C:\ProgramData\Tbccint
2015-02-13 18:07:15 ----D---- C:\Program Files (x86)\Webteh
2015-02-13 17:40:00 ----D---- C:\Users\Alex\AppData\Roaming\Ashampoo
2015-02-13 17:39:51 ----D---- C:\ProgramData\Ashampoo
2015-02-13 17:39:42 ----D---- C:\Program Files (x86)\Ashampoo
2015-02-12 21:05:33 ----D---- C:\Users\Alex\AppData\Roaming\Opera Software
2015-02-12 21:04:35 ----D---- C:\Program Files (x86)\e40bd81a-300a-45d3-8b66-156fc6b891c1
2015-02-12 21:04:29 ----D---- C:\Program Files (x86)\globalUpdate
2015-02-12 21:04:22 ----D---- C:\Program Files (x86)\Opera
2015-02-12 21:04:19 ----D---- C:\Program Files (x86)\CinemaP-1.9cV12.02
2015-02-12 20:00:34 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-02-12 20:00:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-02-12 20:00:34 ----A---- C:\Windows\system32\jscript9.dll
2015-02-12 20:00:33 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-12 18:26:02 ----D---- C:\ProgramData\IsolatedStorage
2015-02-12 17:35:25 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-02-12 17:35:25 ----A---- C:\Windows\system32\crypt32.dll
2015-02-12 17:35:09 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-02-12 17:35:09 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-12 17:35:03 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-02-12 17:35:03 ----A---- C:\Windows\system32\schannel.dll
2015-02-12 17:35:02 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-02-12 17:35:02 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-02-12 17:35:02 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-02-12 17:35:02 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-02-12 17:35:02 ----A---- C:\Windows\system32\wdigest.dll
2015-02-12 17:35:02 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-12 17:35:02 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-12 17:35:02 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-12 17:35:02 ----A---- C:\Windows\system32\kerberos.dll
2015-02-12 17:35:01 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-02-12 17:35:01 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-02-12 17:35:01 ----A---- C:\Windows\system32\credssp.dll
2015-02-12 17:34:43 ----A---- C:\Windows\system32\profsvc.dll
2015-02-12 17:34:40 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-02-12 17:34:40 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-02-12 17:34:40 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-02-12 17:34:40 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-12 17:34:40 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-12 17:34:39 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-02-12 17:34:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-02-12 17:34:39 ----A---- C:\Windows\system32\iernonce.dll
2015-02-12 17:34:39 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-12 17:34:38 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-02-12 17:34:38 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-02-12 17:34:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-02-12 17:34:37 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-02-12 17:34:37 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-02-12 17:34:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-12 17:34:35 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-02-12 17:34:35 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-02-12 17:34:35 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-02-12 17:34:35 ----A---- C:\Windows\system32\urlmon.dll
2015-02-12 17:34:35 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-12 17:34:35 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-12 17:34:34 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-02-12 17:34:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-02-12 17:34:34 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-02-12 17:34:34 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-02-12 17:34:34 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-12 17:34:34 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-12 17:34:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-02-12 17:34:33 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-12 17:34:33 ----A---- C:\Windows\system32\iesetup.dll
2015-02-12 17:34:32 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-12 17:34:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-02-12 17:34:31 ----A---- C:\Windows\system32\iertutil.dll
2015-02-12 17:34:30 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-02-12 17:34:30 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-02-12 17:34:30 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-12 17:34:30 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-12 17:34:29 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-02-12 17:34:29 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-12 17:34:28 ----A---- C:\Windows\system32\ieui.dll
2015-02-12 17:34:28 ----A---- C:\Windows\system32\ieframe.dll
2015-02-12 17:34:27 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-12 17:34:27 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-12 17:34:26 ----A---- C:\Windows\system32\vbscript.dll
2015-02-12 17:34:25 ----A---- C:\Windows\system32\wininet.dll
2015-02-12 17:34:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-12 17:34:23 ----A---- C:\Windows\system32\msrating.dll
2015-02-12 17:34:23 ----A---- C:\Windows\system32\mshtml.dll
2015-02-12 17:33:52 ----A---- C:\Windows\system32\generaltel.dll
2015-02-12 17:33:52 ----A---- C:\Windows\system32\appraiser.dll
2015-02-12 17:33:52 ----A---- C:\Windows\system32\aeinv.dll
2015-02-12 17:33:51 ----A---- C:\Windows\system32\invagent.dll
2015-02-12 17:33:51 ----A---- C:\Windows\system32\devinv.dll
2015-02-12 17:33:51 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-12 17:33:50 ----A---- C:\Windows\system32\aepic.dll
2015-02-12 17:33:50 ----A---- C:\Windows\system32\aepdu.dll
2015-02-12 17:33:47 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-02-12 17:33:47 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-12 17:33:47 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-12 17:33:47 ----A---- C:\Windows\system32\adtschema.dll
2015-02-12 17:33:46 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-02-12 17:33:46 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-02-12 17:33:46 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-02-12 17:33:46 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-02-12 17:33:46 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-02-12 17:33:46 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-12 17:33:46 ----A---- C:\Windows\system32\sspicli.dll
2015-02-12 17:33:46 ----A---- C:\Windows\system32\secur32.dll
2015-02-12 17:33:46 ----A---- C:\Windows\system32\msobjs.dll
2015-02-12 17:33:46 ----A---- C:\Windows\system32\msaudite.dll
2015-02-12 17:33:46 ----A---- C:\Windows\system32\lsass.exe
2015-02-12 17:33:46 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-12 17:33:46 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-12 17:33:46 ----A---- C:\Windows\system32\auditpol.exe
2015-02-12 17:33:36 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-02-12 17:33:36 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-02-12 17:33:36 ----A---- C:\Windows\system32\nlasvc.dll
2015-02-12 17:33:34 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-02-12 17:33:33 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-02-12 17:33:33 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-12 17:33:30 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-02-12 17:32:06 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-12 17:32:05 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-02-12 17:32:05 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-02-12 17:32:04 ----A---- C:\Windows\system32\srcore.dll
2015-02-12 17:32:04 ----A---- C:\Windows\system32\rstrui.exe
2015-02-12 17:32:03 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-02-12 17:32:03 ----A---- C:\Windows\system32\srclient.dll
2015-02-12 17:29:11 ----A---- C:\Windows\system32\scesrv.dll
2015-02-12 17:29:10 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-02-12 17:26:43 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2015-02-13 21:11:35 ----D---- C:\Windows\Temp
2015-02-13 21:10:59 ----D---- C:\Windows\System32
2015-02-13 21:10:37 ----D---- C:\Windows\system32\config
2015-02-13 21:07:32 ----RD---- C:\Program Files
2015-02-13 21:05:23 ----D---- C:\Windows\Tasks
2015-02-13 21:05:23 ----D---- C:\Windows\system32\Tasks
2015-02-13 20:54:53 ----D---- C:\Windows\winsxs
2015-02-13 20:50:54 ----D---- C:\Windows
2015-02-13 20:49:04 ----SHD---- C:\System Volume Information
2015-02-13 20:48:20 ----D---- C:\Windows\Microsoft.NET
2015-02-13 18:21:10 ----D---- C:\Windows\system32\drivers
2015-02-13 18:19:45 ----D---- C:\ProgramData\IePluginServices
2015-02-13 18:15:51 ----D---- C:\Windows\SysWOW64
2015-02-13 18:11:39 ----HD---- C:\ProgramData
2015-02-13 18:07:30 ----RD---- C:\Program Files (x86)
2015-02-13 17:13:08 ----D---- C:\Windows\system32\catroot2
2015-02-13 17:08:41 ----D---- C:\Windows\SYSWOW64\en-US
2015-02-13 17:08:41 ----D---- C:\Windows\system32\en-US
2015-02-12 21:17:39 ----D---- C:\Windows\system32\catroot
2015-02-12 21:16:00 ----D---- C:\Windows\inf
2015-02-12 21:10:18 ----SHD---- C:\Boot
2015-02-12 21:07:48 ----D---- C:\Windows\system32\DriverStore
2015-02-12 21:04:59 ----D---- C:\Program Files (x86)\AGEIA Technologies
2015-02-12 21:04:42 ----SHD---- C:\Windows\Installer
2015-02-12 21:04:41 ----SHD---- C:\Config.Msi
2015-02-12 20:57:45 ----D---- C:\Windows\debug
2015-02-12 20:07:16 ----D---- C:\Program Files (x86)\Samsung
2015-02-12 19:59:32 ----D---- C:\Program Files (x86)\HP
2015-02-12 19:59:27 ----D---- C:\Windows\twain_32
2015-02-12 18:16:25 ----D---- C:\Windows\system32\NDF
2015-02-12 18:08:34 ----D---- C:\Program Files (x86)\Google
2015-02-12 18:03:29 ----D---- C:\Windows\SoftwareDistribution
2015-02-12 18:03:27 ----D---- C:\ProgramData\ProductData
2015-02-12 17:54:05 ----SD---- C:\Windows\system32\CompatTel
2015-02-12 17:54:04 ----D---- C:\Windows\SYSWOW64\sk-SK
2015-02-12 17:54:04 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-02-12 17:54:04 ----D---- C:\Windows\system32\sk-SK
2015-02-12 17:54:04 ----D---- C:\Windows\system32\cs-CZ
2015-02-12 17:54:04 ----D---- C:\Windows\system32\appraiser
2015-02-12 17:54:04 ----D---- C:\Program Files\Internet Explorer
2015-02-12 17:54:03 ----D---- C:\Program Files (x86)\Internet Explorer
2015-02-12 17:54:01 ----D---- C:\Windows\PolicyDefinitions
2015-02-12 17:53:53 ----RSD---- C:\Windows\assembly
2015-02-12 17:53:26 ----D---- C:\ProgramData\Package Cache
2015-02-12 17:51:12 ----D---- C:\ProgramData\Microsoft Help
2015-02-12 17:51:12 ----A---- C:\Windows\win.ini
2015-02-12 17:45:37 ----D---- C:\Program Files\Microsoft Security Client
2015-02-12 17:45:36 ----D---- C:\Program Files (x86)\Microsoft Security Client
2015-02-12 17:45:09 ----D---- C:\Windows\system32\MRT
2015-02-12 17:25:43 ----D---- C:\Program Files (x86)\IObit
2015-02-12 13:06:48 ----SD---- C:\ProgramData\Microsoft
2015-02-12 13:06:48 ----D---- C:\Program Files (x86)\Microsoft
2015-02-12 13:05:01 ----D---- C:\Users\Alex\AppData\Roaming\HpUpdate
2015-02-12 13:04:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-29 17:49:32 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-02-13 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-02-13 267632]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-11-15 274696]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-02-13 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-02-13 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-02-13 436624]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-02-13 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-02-13 87912]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-02-13 116728]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 124560]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-02-13 271752]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-06-16 3962840]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
S3 ALSysIO;ALSysIO; \??\C:\Users\Alex\AppData\Local\Temp\ALSysIO64.sys []
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-09-15 16750080]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-09-15 576000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver; C:\Windows\system32\DRIVERS\netr7364.sys [2014-06-12 716800]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\drivers\serscan.sys [2009-07-14 12288]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 SysTool;SysTool Overclocking Utility; C:\Windows\system32\DRIVERS\SysTool64.sys [2005-12-30 30720]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-04 815392]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-09-15 239616]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-05 361984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-02-13 50344]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 23784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-31 1259296]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-11-29 76152]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 TBSrv;Toolbar Service; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [2014-09-30 350528]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-02-13 4012248]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 366512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12 107848]
S2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-01-16 2724128]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-12 107848]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 30814400]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-13 1255736]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-29 267440]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 14 úno 2015 13:09

Zdravim

Jen se zeptam pouzivate legalni operacni system, nejvyssi licence (v hodnote nejake tisic) Ultimate zrovna neni bezna domaci verze

luko · #3 Příspěvek od **luko** » 14 úno 2015 13:43

No dúfam že áno....kúpil som ho nainštaloval zadal produkt key....

#4 Příspěvek od **vyosek** » 14 úno 2015 14:16

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Po spusteni probehne stazeni databaze
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Udelejte MBAM dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928

luko · #5 Příspěvek od **luko** » 15 úno 2015 11:34

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 11:25:44
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Alex - JANKO-PC
# Running from : C:\Users\Alex\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : TBSrv

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\ProgramData\FreeWorldApp
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Tbccint
Folder Deleted : C:\Users\Alex\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Alex\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Alex\AppData\Local\Tbccint
Folder Deleted : C:\Users\Alex\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Alex\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B
File Deleted : C:\END

***** [ Scheduled tasks ] *****

Task Deleted : 927b1222-e48d-4dcc-aafd-ef472139fb07-1-6
Task Deleted : 927b1222-e48d-4dcc-aafd-ef472139fb07-1-7
Task Deleted : 927b1222-e48d-4dcc-aafd-ef472139fb07-10_user
Task Deleted : 927b1222-e48d-4dcc-aafd-ef472139fb07-6
Task Deleted : 927b1222-e48d-4dcc-aafd-ef472139fb07-7

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3329621
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Tbccint
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v40.0.2214.111

*************************

AdwCleaner[R0].txt - [11133 bytes] - [15/02/2015 11:13:18]
AdwCleaner[R1].txt - [11193 bytes] - [15/02/2015 11:21:33]
AdwCleaner[S0].txt - [10239 bytes] - [15/02/2015 11:25:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10299 bytes] ##########

#6 Příspěvek od **vyosek** » 15 úno 2015 11:37

Pokracujte MBAMem

luko · #7 Příspěvek od **luko** » 17 úno 2015 12:59

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 17. 2. 2015
Čas skenování: 9:10:14
Protokol: logmbm.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.02.17.05
Databáze rootkitů: v2015.02.03.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Alex

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 552369
Uplynulý čas: 2 hod, 23 min, 10 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 11
PUP.Optional.Cinema.A, HKLM\SOFTWARE\CinemaP-1.9cV12.02-nv, , [3158928d4e3cb77f797d7832f40fa957],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV12.02, , [4f3a25fafb8f94a28a6cb4f640c31ee2],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV12.02-nv, , [1f6af22d3f4bd5614bab9f0b20e3b44c],
PUP.Optional.Cinema.A, HKLM\SOFTWARE\WOW6432NODE\CinemaP-1.9cV12.02-nv-ie, , [ea9f3ee134566fc71ed89e0c44bfab55],
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV12.02-nv, , [0782f32cabdf9e984ea94466e61d3ec2],
PUP.Optional.Cinema.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV12.02-nv-ie, , [cebb67b86d1df145a3544268679c47b9],
PUP.Optional.Cinema.A, HKU\S-1-5-21-2086334020-214299838-3944995583-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV12.02, , [2267041b0d7dec4a6790822890736a96],
PUP.Optional.Cinema.A, HKU\S-1-5-21-2086334020-214299838-3944995583-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV12.02-nv, , [ea9fc7580b7f7abcbe3928828281eb15],
PUP.Optional.Cinema.A, HKU\S-1-5-21-2086334020-214299838-3944995583-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV12.02-nv-ie, , [8ffa6cb33357d0664aad7e2c887bcd33],
PUP.Optional.Qone8, HKU\S-1-5-21-2086334020-214299838-3944995583-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [24652ef182085fd7987e04f8030113ed],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2086334020-214299838-3944995583-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [5e2bab74286214221af53276ff040df3],

Hodnoty registru: 1
Trojan.Agent.MNR, HKU\S-1-5-21-2086334020-214299838-3944995583-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|miner, "C:\Users\Alex\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\Alex\AppData\Roaming\miner\start.bat", , [d0b98798b3d760d6f710af5231d48d73]

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 1
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.9cV12.02, , [36531d02cac086b00db0096f09fa669a],

Soubory: 42
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe.vir, , [4f3afd22355504320a776d5a37cac13f],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\IE\CT3329621\UninstallerUI.exe.vir, , [8cfd120d2961c076f190f0d7df228080],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\Multi\CT3329621\UninstallerUI.exe.vir, , [8504fb2439519a9c3c45b61143be629e],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Local\Tbccint\Community Alerts\Alert.dll.vir, , [4346b966682244f294ed8d3a2cd559a7],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Local\Tbccint\CT3329621\BS_Player_ControlBar_BAutoUpdateHelper.exe.vir, , [8dfc50cf2b5f7bbbda80063ad92709f7],
PUP.Optional.Conduit.A, C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\Local\Tbccint\CT3329621\BS_Player_ControlBar_BToolbarHelper.exe.vir, , [8cfdba650783e94d0b4f42fe02fe34cc],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\hk64tbBS_P.dll.vir, , [d6b3f52abad0d0663c4596318b76d52b],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\hktbBS_P.dll.vir, , [cdbc4ed1cdbdb87e93ee3f8861a0dc24],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\ldrtbBS_P.dll.vir, , [e7a2f52ad4b689ad245ddbec6c95ea16],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll.vir, , [e8a149d690facc6aa9d82e99cf329a66],
PUP.Optional.ClientConnect, C:\AdwCleaner\Quarantine\C\Users\Alex\AppData\LocalLow\BS_Player_ControlBar_B\tbBS_P.dll.vir, , [0980e43bbad07fb788f924a3f60b837d],
PUP.Optional.Nova.A, C:\Program Files (x86)\AGEIA Technologies\1c86ea0b-c48e-4d2b-9dab-ad90af2d1c48.dll, , [6623140ba7e3ab8b589855b2c83a6b95],
PUP.Optional.Nova.A, C:\Program Files (x86)\CinemaP-1.9cV12.02\0f6531ac-84bf-45a1-b554-cf5463058954.dll, , [ee9b908fff8bce68c8287a8d679bf30d],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-1-6.exe, , [6227150afa90e353218df9fccd385ba5],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-1-7.exe, , [c6c3b96691f9df57e0ce01f4a85d946c],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-10.exe, , [a3e6dc43afdbd16506a8965f778ebd43],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-6.exe, , [0f7a49d6503ab87eddd103f21fe6c838],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaP-1.9cV12.02\927b1222-e48d-4dcc-aafd-ef472139fb07-7.exe, , [82071906e4a69d99614dfef7fb0ada26],
PUP.Optional.Nova.A, C:\Program Files (x86)\e40bd81a-300a-45d3-8b66-156fc6b891c1\9ed32917-9e66-4f3f-8dbf-cd4274d38464.dll, , [e5a4a6798dfd152107e95bac22e0659b],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507878.dll, , [aedbfc23f496f83e1e3a2c136a97b050],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507880.dll, , [791042dd2f5b6bcb4513dd6231d0bc44],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507881.dll, , [5732e53a602ad75f391f0738ad5450b0],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507883.exe, , [f792ad724e3c40f6490f7bc4c33ebe42],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507887.dll, , [b9d02ff01e6c68ce4f09ff400af79e62],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507888.exe, , [8efba27d6e1cea4c81d7a89709f815eb],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507889.dll, , [8bfe97883456a88e3820c778c041857b],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507891.exe, , [1d6cc659bfcb5adc273098a73fc27e82],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507892.dll, , [a3e6fc233d4d03334d0b70cfac559070],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507893.dll, , [6f1aba65484248eeb8a0340b35ccf40c],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507894.exe, , [3356b9669eec0234d3858cb307facd33],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507895.dll, , [058473ac7d0d3afce96f70cf8a77926e],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507897.exe, , [08816db2800a38fe8bcce55a54adb24e],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507898.dll, , [c0c92df211792d09f167b689a35e8977],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507899.dll, , [7019b56a404a0a2c2b2db58adf22bc44],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507900.exe, , [38519986a4e6ed4963f5b887df2245bb],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507901.dll, , [0881d946840647ef61f74ff0ff02a858],
PUP.Optional.BabylonToolBar.A, C:\System Volume Information\_restore{CDD60102-7C87-4A0E-B0C5-9BBA2330CE4B}\RP629\A0507886.dll, , [7c0d100f27632c0a80d84ff06e9357a9],
Trojan.Agent.W, C:\Windows\Setup\SCRIPTS\Windows7Loader.exe, , [1a6f9c8315754aec380bd49ad82d46ba],
Trojan.BitcoinMiner, C:\Users\Alex\AppData\Roaming\miner\start.bat, , [0d7ce837b7d349ed466a4e684db6f808],
Trojan.Agent.MNR, C:\Users\Alex\AppData\Roaming\miner\nircmd.exe, , [d0b98798b3d760d6f710af5231d48d73],
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.9cV12.02\496144f3-ecc6-473a-8aa9-665ccbca5dc3.dll, , [36531d02cac086b00db0096f09fa669a],
PUP.Optional.Cinema.A, C:\Program Files (x86)\CinemaP-1.9cV12.02\bgNova.html, , [36531d02cac086b00db0096f09fa669a],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)

(end)

#8 Příspěvek od **vyosek** » 17 úno 2015 15:03

luko píše:No dúfam že áno....kúpil som ho nainštaloval zadal produkt key....

A kupoval jste si verzi Windows Ultimate?? mate k tomu instalacni DVD nebo nalepku OEM???

Jelikoz je tam zcela jasne viditelny aktivator na nelegalni system a byl pouzit

VIRY.CZ

prosil by som o kontrolu dakujem

prosil by som o kontrolu dakujem

Re: prosil by som o kontrolu dakujem

Re: prosil by som o kontrolu dakujem

Re: prosil by som o kontrolu dakujem

Re: prosil by som o kontrolu dakujem

Re: prosil by som o kontrolu dakujem

Re: prosil by som o kontrolu dakujem

Re: prosil by som o kontrolu dakujem