VIRY.CZ

Prosím o kontrolu notebooku , provedl jsem sken MBAM na lezeno 30 malwaru (Miner ...) a tak prosím o kontrolu logu z RSIT
Logfile of random's system information tool 1.10 (written by random/random)
Run by Zbyna at 2015-04-11 16:57:49
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 313 GB (34%) free of 909 GB
Total RAM: 8094 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:58:16, on 11.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\LockKey\LockKey.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Games\World_of_Tanks_test\WoTLauncher.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Zbyna.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 65.112.87.186 armedass.available.gamespy.com #armed assault check
O1 - Hosts: 65.112.87.186 armedass.ms12.gamespy.com #armed assault server list
O1 - Hosts: 65.112.87.186 armedass.master.gamespy.com #armed assault heartbeats
O1 - Hosts: 65.112.87.186 battlefield2.available.gamespy.com #battlefield 2 check
O1 - Hosts: 65.112.87.186 battlefield2.ms14.gamespy.com #battlefield 2 server list
O1 - Hosts: 65.112.87.186 battlefield2.master.gamespy.com #battlefield 2 heartbeats
O1 - Hosts: 63.239.170.53 bf2web.gamespy.com #login locks up without this
O1 - Hosts: 65.112.87.186 bfvietnam.available.gamespy.com #battlefield vietnam check
O1 - Hosts: 65.112.87.186 bfvietnam.ms0.gamespy.com #battlefield vietnam
O1 - Hosts: 65.112.87.186 bfvietnam.master.gamespy.com #battlefield vietnam
O1 - Hosts: 65.112.87.186 bderlandspc.available.gamespy.com #borderlands check
O1 - Hosts: 65.112.87.186 bderlandspc.master.gamespy.com #borderlands heartbeats
O1 - Hosts: 65.112.87.186 bderlandspc.ms18.gamespy.com #borderlands server list
O1 - Hosts: 65.112.87.186 crysis.available.gamespy.com #crysis check
O1 - Hosts: 65.112.87.186 crysis.master.gamespy.com #crysis heartbeats
O1 - Hosts: 65.112.87.186 crysis.ms5.gamespy.com #crysis server list
O1 - Hosts: 65.112.87.186 crysiswars.available.gamespy.com #crysis wars check
O1 - Hosts: 65.112.87.186 crysiswars.master.gamespy.com #crysis wars heartbeats
O1 - Hosts: 65.112.87.186 crysiswars.ms2.gamespy.com #crysis wars server list
O1 - Hosts: 65.112.87.188 gamestats.gamespy.com #statistics, required by some games
O1 - Hosts: 63.239.170.53 motd.gamespy.com #message of the day placeholder
O1 - Hosts: 65.112.87.187 peerchat.gamespy.com #chat/lobby, required by some games
O1 - Hosts: 65.112.87.186 gpcm.gamespy.com #gamespy login session tracking
O1 - Hosts: 65.112.87.186 gpsp.gamespy.com #gamespy account validation
O1 - Hosts: 65.112.87.186 hd2.available.gamespy.com #hidden and dangerous 2 check
O1 - Hosts: 65.112.87.186 hd2.master.gamespy.com #hidden and dangerous 2 heartbeats
O1 - Hosts: 65.112.87.186 hd2.ms14.gamespy.com #hidden and dangerous 2 server list
O1 - Hosts: 213.165.90.5 hd2.ms14.gamespy.com
O1 - Hosts: 65.112.87.186 master.gamespy.com #older games server list
O1 - Hosts: 65.112.87.186 master0.gamespy.com #older games server list
O1 - Hosts: 65.112.87.186 nwn.available.gamespy.com #neverwinter nights check
O1 - Hosts: 65.112.87.186 nwn.master.gamespy.com #neverwinter nights heartbeats
O1 - Hosts: 65.112.87.186 painkiller.available.gamespy.com #painkiller check
O1 - Hosts: 65.112.87.186 painkiller.ms15.gamespy.com #painkiller server list
O1 - Hosts: 65.112.87.186 painkiller.master.gamespy.com #painkiller heartbeats
O1 - Hosts: 65.112.87.186 swbfront2pc.available.gamespy.com #star wars battlefront 2 check
O1 - Hosts: 65.112.87.186 swbfront2pc.ms6.gamespy.com #star wars battlefront 2 server list
O1 - Hosts: 65.112.87.186 swbfront2pc.master.gamespy.com #star wars battlefront 2 heartbeats
O1 - Hosts: 65.112.87.186 tribesv.available.gamespy.com #tribes vengeance check
O1 - Hosts: 65.112.87.186 tribesv.master.gamespy.com #tribes vengeance heartbeats
O1 - Hosts: 65.112.87.186 tribesv.ms15.gamespy.com #tribes vengeance server list
O1 - Hosts: 65.112.87.186 tron20.master.gamespy.com #tron heartbeats
O1 - Hosts: 65.112.87.186 tron20.ms9.gamespy.com #tron server list
O1 - Hosts: 65.112.87.186 vietcong2.available.gamespy.com #vietcong 2 check
O1 - Hosts: 65.112.87.186 vietcong2.master.gamespy.com #vietcong 2 heartbeats
O1 - Hosts: 65.112.87.186 vietcong2.ms1.gamespy.com #vietcong 2 server list
O1 - Hosts: 65.112.87.186 wolfmaster.idsoftware.com #rtcw
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Fast boot service of lenovo (NSDSvc) - Unknown owner - C:\Windows\System32\NSDSvc.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17654 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 19309200
\??\C:\Windows\system32\conhost.exe "-135795999784202507-1758357895-601269602-470474662-599328474-768258294-1625270345
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"taskhost.exe"
taskeng.exe {89EB79AA-4661-4B34-92C0-997CCC96972A}
C:\Windows\Explorer.EXE
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe" /TUStart /pid:2772
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
ngservice.exe pipeserver
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\spoolsv.exe
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\HPSIsvc.exe
C:\Windows\system32\igfxCUIService.exe
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 233bd772-f76d-44a1-8644-50a9900a6d1e 1
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-14260287111622760283329960459-209543500325713822311561121802096666066-190155916
\??\C:\Windows\system32\conhost.exe "-1109124355-1009346401-185713512545687336-101733003710832849445522324411324377389
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\LockKey\LockKey.exe"
"C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Realtek\Audio\HDA\FMAPP.exe"
"C:\Program Files\Realtek\Audio\HDA\FMAPP.exe" -START
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3428.0.1690758445\2064687611" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,40 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3958 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Hivemind_A2_Stable_R7_Postperiod/PasswordGeneration/Disabled/QUIC/Control/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3428 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3428.2.1389907256\518019390" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Hivemind_A2_Stable_R7_Postperiod/PasswordGeneration/Disabled/QUIC/Control/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3428 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3428.3.284110545\1384953955" /prefetch:673131151
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Hivemind_A2_Stable_R7_Postperiod/PasswordGeneration/Disabled/QUIC/Control/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3428 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3428.6.1261717331\749181104" /prefetch:673131151
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 6860
"C:\Games\World_of_Tanks_test\WoTLauncher.exe" -commit 97.427
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Hivemind_A2_Stable_R7_Postperiod/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Control/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJanuary2017/HTTP/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_09/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3428 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3428.76.1189027550\543181027" /prefetch:673131151
"C:\Windows\system32\taskmgr.exe" /4
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544

"C:\Users\Zbyna\Downloads\RSITx64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-24 551848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-24 212904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-24 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-24 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-12-16 2866960]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-11 13776088]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-11 1391472]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2013-04-20 789856]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-14 222504]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2013-04-20 8076848]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2013-04-20 6199344]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"RtHDVBg_LENOVO_DOLBYDRAGON"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-11 1391472]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-11 1391472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-03-07 335232]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LockKey"=C:\Program Files (x86)\LockKey\LockKey.exe [2011-08-26 337776]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-30 284440]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [2013-04-20 329056]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-14 222504]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-31 5227648]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2011-12-05 291096]
"ApnTBMon"=C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [2015-03-17 54072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bttray.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filedecrypt.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\imfrmwrk.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\open energymanagement.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\veriface.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\youcam.exe]
"Debugger=""C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux4"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux5"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-04-11 16:57:53 ----D---- C:\Program Files\trend micro
2015-04-11 16:57:48 ----D---- C:\rsit
2015-04-11 16:56:44 ----A---- C:\Windows\system32\drivers\kfkmjl.sys
2015-04-11 15:35:36 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-04-11 15:32:10 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-04-11 15:32:01 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-04-11 15:31:53 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-04-11 15:31:38 ----D---- C:\ProgramData\Malwarebytes
2015-04-11 15:31:38 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-11 14:01:14 ----D---- C:\Games
2015-04-04 22:49:59 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-04 22:49:59 ----SD---- C:\Windows\system32\GWX
2015-03-28 17:25:25 ----D---- C:\Users\Zbyna\AppData\Roaming\java
2015-03-28 17:17:03 ----D---- C:\ProgramData\LogMeIn
2015-03-28 17:13:50 ----AH---- C:\Windows\system32\hamachi.sys
2015-03-26 12:11:54 ----D---- C:\Windows\SYSWOW64\NV
2015-03-26 12:11:54 ----D---- C:\Windows\system32\NV
2015-03-26 12:06:01 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-03-26 12:06:01 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-03-26 12:06:01 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-03-26 12:06:01 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-03-26 12:06:01 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2015-03-26 12:06:01 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-03-26 12:06:01 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-03-26 12:06:01 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\nvopencl.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\nvoglv64.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\NvIFR64.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\NvFBC64.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\nvdispgenco6434788.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\nvdispco6434788.dll
2015-03-26 12:06:01 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2015-03-26 12:06:01 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-03-26 12:06:00 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-03-26 12:06:00 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-03-26 12:06:00 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-03-26 12:06:00 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-03-26 12:06:00 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-03-26 12:06:00 ----A---- C:\Windows\system32\nvcuvid.dll
2015-03-26 12:06:00 ----A---- C:\Windows\system32\nvcuda.dll
2015-03-26 12:06:00 ----A---- C:\Windows\system32\nvcompiler.dll
2015-03-25 11:34:32 ----A---- C:\Windows\system32\invagent.dll
2015-03-25 11:34:32 ----A---- C:\Windows\system32\generaltel.dll
2015-03-25 11:34:32 ----A---- C:\Windows\system32\devinv.dll
2015-03-25 11:34:32 ----A---- C:\Windows\system32\appraiser.dll
2015-03-25 11:34:32 ----A---- C:\Windows\system32\aeinv.dll
2015-03-25 11:34:32 ----A---- C:\Windows\system32\acmigration.dll
2015-03-25 11:34:31 ----A---- C:\Windows\system32\aepic.dll
2015-03-25 11:34:31 ----A---- C:\Windows\system32\aepdu.dll
2015-03-24 16:26:58 ----D---- C:\ProgramData\Reimage Protector
2015-03-24 16:26:50 ----D---- C:\Program Files\Reimage
2015-03-24 16:07:47 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-24 16:05:45 ----D---- C:\Program Files\Java
2015-03-24 15:57:28 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-03-24 15:20:33 ----D---- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-24 15:14:29 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2015-03-24 15:12:55 ----D---- C:\Program Files (x86)\QuickTime
2015-03-23 18:13:43 ----D---- C:\Program Files\Common Files\Apple

======List of files/folders modified in the last 1 month======

2015-04-11 16:58:08 ----D---- C:\Windows\Temp
2015-04-11 16:57:53 ----D---- C:\Program Files
2015-04-11 16:56:44 ----D---- C:\Windows\system32\drivers
2015-04-11 16:56:44 ----D---- C:\Windows\cs-CZ
2015-04-11 16:56:37 ----HD---- C:\ProgramData
2015-04-11 16:56:36 ----D---- C:\Windows\SysWOW64
2015-04-11 15:31:38 ----D---- C:\Program Files (x86)
2015-04-11 14:04:13 ----D---- C:\Windows\system32\config
2015-04-11 13:55:10 ----D---- C:\ProgramData\VeriFace
2015-04-11 13:55:10 ----AD---- C:\Windows\System32
2015-04-11 07:31:16 ----D---- C:\Windows\Prefetch
2015-04-11 07:30:58 ----SHD---- C:\System Volume Information
2015-04-10 21:40:44 ----D---- C:\Users\Zbyna\AppData\Roaming\uTorrent
2015-04-10 19:54:55 ----D---- C:\hry
2015-04-10 14:21:01 ----D---- C:\Users\Zbyna\AppData\Roaming\Skype
2015-04-10 09:19:42 ----D---- C:\Filmy
2015-04-10 07:37:07 ----SHD---- C:\Windows\Installer
2015-04-10 07:36:53 ----D---- C:\ProgramData\Skype
2015-04-10 07:34:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-09 21:30:35 ----D---- C:\Users\Zbyna\AppData\Roaming\TS3Client
2015-04-09 07:11:19 ----D---- C:\Windows\system32\Tasks
2015-04-07 23:03:00 ----D---- C:\Users\Zbyna\AppData\Roaming\vlc
2015-04-05 13:45:26 ----AD---- C:\Windows
2015-04-05 13:07:22 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-04-05 13:07:22 ----D---- C:\Windows\system32\cs-CZ
2015-04-05 13:06:07 ----D---- C:\Windows\SYSWOW64\RTCOM
2015-04-05 13:05:51 ----D---- C:\Windows\inf
2015-04-05 13:05:29 ----D---- C:\Windows\system32\DriverStore
2015-04-04 22:50:22 ----D---- C:\Windows\winsxs
2015-04-04 22:50:14 ----D---- C:\Windows\Logs
2015-04-03 18:43:53 ----D---- C:\Windows\system32\NDF
2015-04-03 14:44:13 ----D---- C:\Windows\ModemLogs
2015-04-01 17:37:00 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2015-04-01 09:50:37 ----D---- C:\Users\Zbyna\AppData\Roaming\.minecraft
2015-03-30 16:32:16 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-03-30 16:30:42 ----D---- C:\ProgramData\Alternative Software Ltd
2015-03-28 17:12:14 ----D---- C:\Windows\system32\catroot2
2015-03-27 18:11:00 ----SHD---- C:\$RECYCLE.BIN
2015-03-26 12:11:51 ----D---- C:\ProgramData\NVIDIA
2015-03-26 12:08:16 ----D---- C:\Program Files\NVIDIA Corporation
2015-03-25 14:06:09 ----SD---- C:\Windows\system32\CompatTel
2015-03-25 14:06:08 ----D---- C:\Windows\system32\wbem
2015-03-25 14:06:08 ----D---- C:\Windows\system32\appraiser
2015-03-25 14:06:08 ----D---- C:\Windows\AppPatch
2015-03-24 19:25:01 ----DC---- C:\Windows\system32\DRVSTORE
2015-03-24 18:08:19 ----D---- C:\Windows\system32\catroot
2015-03-24 18:07:58 ----D---- C:\Windows\system32\drivers\etc
2015-03-24 16:27:56 ----A---- C:\Windows\Reimage.ini
2015-03-24 15:57:43 ----D---- C:\Program Files (x86)\Common Files
2015-03-24 15:57:42 ----D---- C:\ProgramData\Oracle
2015-03-24 15:13:31 ----D---- C:\Program Files\Internet Explorer
2015-03-23 18:13:43 ----D---- C:\Program Files\Common Files
2015-03-23 18:13:08 ----D---- C:\ProgramData\Apple
2015-03-20 22:28:04 ----D---- C:\ProgramData\Origin
2015-03-20 22:27:31 ----D---- C:\Program Files (x86)\Origin
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-03-13 21:41:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvinitx.dll
2015-03-13 21:41:47 ----A---- C:\Windows\system32\nvapi64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvsvc64.dll
2015-03-13 18:16:47 ----A---- C:\Windows\system32\nvcpl.dll
2015-03-13 18:16:45 ----A---- C:\Windows\SYSWOW64\oemdspif.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvvsvc.exe
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvsvcr.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvshext.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nvmctray.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nv3dappshextr.dll
2015-03-13 18:16:45 ----A---- C:\Windows\system32\nv3dappshext.dll
2015-03-12 19:48:07 ----D---- C:\Windows\rescache
2015-03-12 09:09:49 ----RD---- C:\Program Files (x86)\Skype
2015-03-12 08:56:33 ----D---- C:\Program Files\Windows Media Player
2015-03-12 08:56:33 ----D---- C:\Program Files (x86)\Windows Media Player
2015-03-12 08:56:32 ----D---- C:\Windows\SYSWOW64\Dism
2015-03-12 08:56:31 ----D---- C:\Windows\system32\Dism
2015-03-12 08:56:30 ----D---- C:\Windows\system32\en-US
2015-03-12 08:56:28 ----D---- C:\Windows\system32\CodeIntegrity
2015-03-12 08:56:28 ----D---- C:\Windows\system32\Boot
2015-03-12 07:27:53 ----D---- C:\Windows\SYSWOW64\en-US
2015-03-12 07:27:52 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-12 07:27:35 ----D---- C:\ProgramData\Microsoft Help
2015-03-12 07:21:09 ----D---- C:\Windows\system32\MRT
2015-03-12 07:12:34 ----A---- C:\Windows\system32\MRT.exe
2015-03-12 07:10:15 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-20 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-20 267632]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2011-12-05 16152]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2013-04-20 39008]
R0 NSD;NSD; C:\Windows\system32\drivers\nsd.sys [2011-12-24 24160]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2015-03-13 32456]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-20 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-20 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-20 436624]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-03-22 283064]
R1 nm3;Microsoft Network Monitor 3 Driver; C:\Windows\system32\DRIVERS\nm3.sys [2010-06-09 46392]
R1 Nsdfltr;Nsdfltr; C:\Windows\system32\drivers\Nsdfltr.sys [2011-12-22 59488]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-20 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-20 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-20 116728]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2013-04-20 30816]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-12-05 195584]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2011-12-23 134696]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2011-12-23 621096]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-12-23 167976]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2011-12-23 178728]
R3 BTWDPAN;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\btwdpan.sys [2011-12-23 89640]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-12-23 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2011-12-23 21544]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 hswpan;WPAN Driver; C:\Windows\system32\DRIVERS\hswpan.sys [2011-12-08 108288]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-10-01 3828152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-12-11 4351960]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2011-12-05 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2011-12-05 785688]
R3 iwdbus;IWD Bus Enumerator; C:\Windows\system32\DRIVERS\iwdbus.sys [2011-12-21 25496]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-11-15 111216]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-03-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-04-11 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-03-17 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NETwNs64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETwsw00.sys [2013-11-26 11530992]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-12-16 411920]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2013-09-18 14112]
S3 AF15BDA;AF9015 BDA Device; C:\Windows\system32\DRIVERS\AF15BDA.sys [2014-05-29 507392]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2011-12-05 195584]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 cpuz134;cpuz134; \??\C:\Users\Zbyna\AppData\Local\Temp\cpuz134\cpuz134_x64.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2015-01-14 33856]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys []
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys []
S3 intaud_WaveExtensible;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2011-12-21 34200]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver; \??\C:\Windows\system32\drivers\massfilter_hs.sys [2012-06-08 20232]
S3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2012-12-24 20480]
S3 NETwNx64;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 64 Bit; C:\Windows\system32\DRIVERS\NETwNx64.sys [2011-12-01 11037696]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2014-02-07 38216]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-08-15 54784]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2015-01-31 177560]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-01-20 77128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-20 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-12-08 618256]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2011-11-11 126520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2014-10-01 319376]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-09 607456]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-03-17 1871160]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-03-13 935056]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-02-22 66872]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-12-08 148752]
R2 ReimageRealTimeProtector;Reimage Real Time Protector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14 7410024]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2014-07-14 2253112]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-20 4012248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S2 NSDSvc;Fast boot service of lenovo; C:\Windows\System32\NSDSvc.exe [2011-12-24 120160]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-10-01 281488]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-02-20 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2014-05-06 3071632]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-03-20 1910640]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-07-16 542912]
S4 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-05 659968]
S4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-05 135952]
S4 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-12-22 1086752]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S4 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

-----------------EOF-----------------

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v4.201 - Log vytvořen 11/04/2015 v 18:19:21
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Zbyna - ZBYNA-NB
# Spuštěno z : C:\Users\Zbyna\Downloads\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****

Služba Smazáno : APNMCP
[#] Služba Smazáno : ReimageRealTimeProtector
[#] Služba Smazáno : WindowsMangerProtect

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\AskPartnerNetwork
Složka Smazáno : C:\ProgramData\Partner
Složka Smazáno : C:\ProgramData\Reimage Protector
Složka Smazáno : C:\ProgramData\ytd video downloader
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Složka Smazáno : C:\Program Files (x86)\AskPartnerNetwork
Složka Smazáno : C:\Program Files (x86)\GreenTree Applications
Složka Smazáno : C:\Windows\Util
Složka Smazáno : C:\Users\Zbyna\AppData\Local\Temp\apn
Složka Smazáno : C:\Program Files\Reimage
Složka Smazáno : C:\Users\Zbyna\AppData\Local\AskPartnerNetwork
Složka Smazáno : C:\Users\Zbyna\AppData\Roaming\mystartsearch
Soubor Smazáno : C:\Windows\Reimage.ini
Soubor Smazáno : C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Soubor Smazáno : C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
Soubor Smazáno : C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****

Úloha Smazáno : ReimageUpdater

***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Klíč Smazáno : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Klíč Smazáno : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Klíč Smazáno : HKCU\Software\AskPartnerNetwork
Klíč Smazáno : HKCU\Software\Reimage
Klíč Smazáno : HKCU\Software\AppDataLow\Software\WinToFlash Suggestor
Klíč Smazáno : HKLM\SOFTWARE\AskPartnerNetwork
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Reimage
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wlogin.icq.com

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v41.0.2272.118

[C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=14190 ... J9ECC23932

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [5340 bytů] - [11/04/2015 18:18:07]
AdwCleaner[S0].txt - [5080 bytů] - [11/04/2015 18:19:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5138 bytů] ##########

Dejte nový log RSIT.