Unwanted pop-up windows in the browser

Posted: 20 Nov 2015 17:05
by Chichi
Logfile of random's system information tool 1.10 (written by random/random)
Run by Chichi at 2015-11-20 16:52:44
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 6 GB (5%) free of 122 GB
Total RAM: 8191 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:52:49, on 20.11.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.18631)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\ExMgr.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\QIP 2012\qip.exe
C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe
C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Chichi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Program Files (x86)\QIP 2012\qip.exe
C:\Program Files\trend micro\Chichi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
O2 - BHO: SourceApp 1.0.0.4 - {9f7ab9c4-4da3-440e-ba84-95903165f129} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [Endeavors Technologies Application Jukebox Core] "C:\Program Files\Numecent\Application Jukebox Player\CoreCLI.exe" client start
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Chichi\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ATLMonitorService - Cmedia Electronics Inc - C:\Windows\system\MonitorService.exe
O23 - Service: ATLOISAService - Cmedia Electronics Inc. - C:\Windows\system\ATLOISAService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ihpmServer - Ray you - C:\Program Files (x86)\RayDld\ihpmServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Streaming Core Service (StreamingCore) - Numecent, Inc. - C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WF 1.10.0.28 Client Service (wfsrvc_1.10.0.28) - WF - C:\Program Files (x86)\WordFly_1.10.0.28\Service\wfsrvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12493 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {CC050AC1-5D72-4FE3-8418-F512752DD905}
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe"
"C:\Windows\SysWOW64\ExMgr.exe" Envoke
"C:\Program Files\ASUS Phoebus Audio Sound Card\CPL\Phoebus_x64.exe" /h /d
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Bentley\Bentley Live Player\bentleyliveplayer.exe" -ProviderTag=82233c04-154e-4caf-b22a-92ad3019c980 /NoSplashScreen /CheckAutoStart
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
"C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
"C:/Users/Chichi/AppData/Local/Akamai/netsession_win.exe" --client
szndesktop.exe default start
"C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"C:\Program Files (x86)\RayDld\ihpmServer.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "-10609624148252903611586439673-2050930755870155581527903631607682889-61227688
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Users\Chichi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe" /srv
"C:\Program Files (x86)\WordFly_1.10.0.28\Service\wfsrvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Numecent\Application Jukebox Player\CoreHelper.exe" -t 4294967295
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\QIP 2012\qip.exe" /flash 394168 "https://youtube.com/v/8Xm0zLDyoVQ?autoplay=1" 0
"C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe"
"C:\Users\Chichi\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-1-6.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-1-7.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-7.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-10_user.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-10.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-11.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-11.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-3.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-3.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-4.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-4.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-5.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-5_user.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-5.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-6.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-6.exe /rawdata=...
C:\Windows\tasks\40db1533-f551-4998-8bca-934da85073e3-7.job - C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-7.exe /rawdata=...
C:\Windows\tasks\AmiUpdXp.job - C:\Users\Chichi\AppData\Local\29963\Updater.exe
C:\Windows\tasks\DJK7lq2X6tnMCL9kwV6KZYcd1p.job - C:\Users\Chichi\AppData\Roaming\DJK7lq2X6tnMCL9kwV6KZYcd1p.exe --c=...
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\QTT1sr3Eymai.job - C:\Users\Chichi\AppData\Roaming\QTT1sr3Eymai.exe --c=...

=========Mozilla firefox=========

ProfilePath - C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "keyword.URL" - "https://www.google.com/search/?trackid=sp-006"
prefs.js - "browser.startup.homepage" - "http://www.oursurfing.com/?type=hp&ts=1 ... b728600474"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll

C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default\searchplugins\
firmy.cz-172037.xml
google-avast.xml
oursurfing.xml
qip-search.xml
seznam.cz-172037.xml
videa.seznam.cz-172037.xml
zbozi.cz-172037.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-31 655480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-31 559624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f7ab9c4-4da3-440e-ba84-95903165f129}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PheobusEX"=C:\Windows\syswow64\ExMgr.exe [2011-02-25 204800]
"GamecomSound"=C:\Program Files\ASUS Phoebus Audio Sound Card\CPL\Phoebus_x64.exe [2013-11-20 2384384]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-11-06 2464072]
"BentleyCloudPage"=C:\Program Files\Bentley\Bentley Live Player\bentleyliveplayer.exe [2014-08-28 8344928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-11-21 7063832]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"cz.seznam.software.autoupdate"=C:\Users\Chichi\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Akamai NetSession Interface"=C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe [2015-09-10 4691384]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2015-11-08 7935904]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2014-11-24 8505328]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"=C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31 508144]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-06 6111312]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]
"ADSKAppManager"=C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [2014-12-05 493960]
""= []
"Endeavors Technologies Application Jukebox Core"=C:\Program Files\Numecent\Application Jukebox Player\CoreCLI.exe [2014-02-04 243536]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-11-20 16:52:44 ----D---- C:\rsit
2015-11-20 16:52:44 ----D---- C:\Program Files\trend micro
2015-11-20 16:36:14 ----D---- C:\Program Files\McAfee Security Scan
2015-11-19 19:01:20 ----D---- C:\Program Files (x86)\WordFly_1.10.0.28
2015-11-19 19:00:36 ----D---- C:\Windows\system32\appmgmt
2015-11-19 18:58:01 ----D---- C:\Program Files (x86)\ca373d01-2b6e-4153-b669-af6ed8d41ee2
2015-11-19 18:57:51 ----D---- C:\Program Files (x86)\globalUpdate
2015-11-19 18:57:47 ----D---- C:\Program Files (x86)\CinemaP-1.9cV09.11
2015-11-19 18:57:04 ----D---- C:\Program Files (x86)\RayDld
2015-11-19 18:57:04 ----D---- C:\Program Files (x86)\Opera
2015-11-19 18:56:36 ----D---- C:\Users\Chichi\AppData\Roaming\oursurfing
2015-11-18 21:05:14 ----D---- C:\ProgramData\CheckPoint
2015-11-18 21:05:10 ----D---- C:\Windows\Internet Logs
2015-11-18 21:05:02 ----D---- C:\Program Files (x86)\CheckPoint
2015-11-08 11:05:29 ----D---- C:\Program Files\TapinRadio
2015-11-08 10:38:42 ----D---- C:\Program Files (x86)\iRadio
2015-11-07 08:47:35 ----D---- C:\Users\Chichi\AppData\Roaming\NVIDIA
2015-11-02 11:28:48 ----A---- C:\ftconfig.ini
2015-11-01 16:26:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-11-01 12:29:33 ----D---- C:\Users\Chichi\AppData\Roaming\Bitmeter2
2015-11-01 12:29:33 ----D---- C:\ProgramData\Bitmeter2
2015-11-01 12:29:33 ----D---- C:\Program Files (x86)\Codebox
2015-10-30 00:47:04 ----A---- C:\Windows\system32\drivers\wfdrvr_vt_1_10_0_28.sys

======List of files/folders modified in the last 1 month======

2015-11-20 16:52:45 ----D---- C:\Windows\Temp
2015-11-20 16:52:44 ----RD---- C:\Program Files
2015-11-20 16:36:13 ----D---- C:\Windows\system32\drivers\etc
2015-11-20 16:12:01 ----D---- C:\Windows\system32\config
2015-11-20 16:07:46 ----D---- C:\Windows\System32
2015-11-20 16:07:46 ----D---- C:\Windows\inf
2015-11-20 16:07:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-11-20 16:06:47 ----D---- C:\Users\Chichi\AppData\Roaming\Seznam.cz
2015-11-20 16:02:33 ----D---- C:\Windows\Prefetch
2015-11-20 16:01:47 ----D---- C:\Program Files (x86)\QIP 2012
2015-11-20 16:01:43 ----D---- C:\ProgramData\NVIDIA
2015-11-19 20:43:00 ----D---- C:\Program Files (x86)\AGEIA Technologies
2015-11-19 19:48:01 ----D---- C:\Windows\system32\Tasks
2015-11-19 19:25:21 ----D---- C:\Windows\system32\drivers
2015-11-19 19:23:06 ----D---- C:\Windows\Tasks
2015-11-19 19:15:07 ----D---- C:\Windows\winsxs
2015-11-19 19:05:10 ----SHD---- C:\Windows\Installer
2015-11-19 19:05:10 ----HD---- C:\Config.Msi
2015-11-19 19:05:03 ----D---- C:\Program Files (x86)\Common Files
2015-11-19 19:04:48 ----SHD---- C:\System Volume Information
2015-11-19 19:01:20 ----RD---- C:\Program Files (x86)
2015-11-19 18:57:49 ----D---- C:\Windows\SysWOW64
2015-11-18 21:05:14 ----HD---- C:\ProgramData
2015-11-18 21:05:10 ----D---- C:\Windows
2015-11-15 15:26:22 ----D---- C:\Windows\system32\NDF
2015-11-14 22:42:47 ----D---- C:\Users\Chichi\AppData\Roaming\vlc
2015-11-10 18:36:24 ----D---- C:\Windows\system32\catroot2
2015-11-09 19:28:41 ----D---- C:\ProgramData\Origin
2015-11-09 17:25:00 ----D---- C:\Program Files\SUPERAntiSpyware
2015-11-08 12:36:18 ----D---- C:\Windows\system32\LogFiles
2015-11-08 12:14:38 ----SD---- C:\ProgramData\Microsoft
2015-11-07 17:54:56 ----D---- C:\Program Files (x86)\Origin
2015-11-05 17:11:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-02 19:08:35 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-07-31 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-07-31 274808]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2015-07-31 115152]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-07-31 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-06 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-06 449992]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-12-01 283064]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 StreamingFSD;StreamingFSD; C:\Windows\system32\DRIVERS\StreamingFSD.sys [2014-02-04 751936]
R1 wfdrvr_vt_1_10_0_28;wfdrvr_vt_1_10_0_28; C:\Windows\system32\drivers\wfdrvr_vt_1_10_0_28.sys [2015-10-30 61296]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-07-31 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-07-31 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-07-31 150672]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-07-31 273824]
R3 CmHdAudAddService;C-Media Function Driver for High Definition Audio Service; C:\Windows\system32\DRIVERS\CMHDAudioV64.sys [2013-07-17 67584]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-11-06 197408]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys []
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-10-03 38216]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 679936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdAppMgrSvc;Autodesk Application Manager Service; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2014-12-05 599944]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2015-02-05 31160]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-07-31 146600]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ihpmServer;ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [2015-11-19 271592]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-06 1795912]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-11-12 934032]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-12 409800]
R2 StreamingCore;Streaming Core Service; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [2014-02-04 9238864]
R2 wfsrvc_1.10.0.28;WF 1.10.0.28 Client Service; C:\Program Files (x86)\WordFly_1.10.0.28\Service\wfsrvc.exe [2015-10-30 301632]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-07-31 4047768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 ATLMonitorService;ATLMonitorService; C:\Windows\system\MonitorService.exe [2013-10-01 650752]
S3 ATLOISAService;ATLOISAService; C:\Windows\system\ATLOISAService.exe [2013-10-25 512000]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-05-25 1369856]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [2015-10-30 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-01 149160]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-11-07 2099208]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 17:53
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 18:14
by Chichi
# AdwCleaner v5.020 - Logfile created 20/11/2015 at 18:11:53
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.1 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Chichi - CHICHI-PC
# Running from : C:\Users\Chichi\Downloads\adwcleaner_5.020.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : ihpmServer
[-] Service Deleted : wfdrvr_vt_1_10_0_28
[-] Service Deleted : wfsrvc_1.10.0.28

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\SourceApp
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Program Files (x86)\RayDld
[-] Folder Deleted : C:\Program Files (x86)\WordFly_1.10.0.28
[-] Folder Deleted : C:\Program Files (x86)\CinemaP-1.9cV09.11
[-] Folder Deleted : C:\Users\Chichi\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Chichi\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\Chichi\AppData\Local\29963
[-] Folder Deleted : C:\Users\Chichi\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Chichi\AppData\Roaming\oursurfing

***** [ Files ] *****

[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_search.icq.com_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_search.icq.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.oursurfing.com_0.localstorage
[-] File Deleted : C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.oursurfing.com_0.localstorage-journal
[-] File Deleted : C:\Users\Chichi\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
[-] File Deleted : C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default\searchplugins\qip-search.xml
[-] File Deleted : C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default\searchplugins\oursurfing.xml
[-] File Deleted : C:\Windows\SysNative\drivers\wfdrvr_vt_1_10_0_28.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Chichi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Chichi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : AmiUpdXp
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : WordFly Auto Updater 1.10.0.28 Core
[-] Task Deleted : WordFly Auto Updater 1.10.0.28 Pending Update
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-1-6
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-1-7
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-10_user
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-11
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-3
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-4
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-5
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-5_user
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-6
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-7
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-1-6
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-1-7
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-10_user
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-11
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-3
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-4
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-5
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-5_user
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-6
[-] Task Deleted : 40db1533-f551-4998-8bca-934da85073e3-7
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\dream.capture
[-] Key Deleted : HKLM\SOFTWARE\829d1f93-71a5-4522-8aba-58d0756b7541
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F7AB9C4-4DA3-440E-BA84-95903165F129}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9F7AB9C4-4DA3-440E-BA84-95903165F129}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95289393-33EA-4F8D-B952-483415B9C955}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\SourceApp
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\CinemaP-1.9cV09.11
[-] Key Deleted : HKCU\Software\CinemaP-1.9cV09.11-nv
[-] Key Deleted : HKCU\Software\CinemaP-1.9cV09.11-nv-ie
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\SourceApp
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\oursurfingSoftware
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\RayDld
[-] Key Deleted : HKLM\SOFTWARE\ihpmserver
[-] Key Deleted : HKLM\SOFTWARE\WordFly_1.10.0.28
[-] Key Deleted : HKLM\SOFTWARE\CinemaP-1.9cV09.11
[-] Key Deleted : HKLM\SOFTWARE\CinemaP-1.9cV09.11-nv
[-] Key Deleted : HKLM\SOFTWARE\CinemaP-1.9cV09.11-nv-ie
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oursurfing
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordFly_1.10.0.28
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaP-1.9cV09.11
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [ Web browsers ] *****

[-] [C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.oursurfing.com/?type=hp&ts=14479557 ... b728600474");
[-] [C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default\prefs.js] [Preference] Deleted : user_pref("browser.newtab.url", "hxxp://www.oursurfing.com/newtab/?type=nt&ts=1 ... b728600474");
[-] [C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : oursurfing
[-] [C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aminlpmkfcdibgpgfajlgnamicjckkjf
[-] [C:\Users\Chichi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jdkihdhlegcdggknokfekoemkjjnjhgi

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [19835 bytes] ##########

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 18:18
by Rudy
Post a new RSIT log.

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 18:24
by Chichi
Logfile of random's system information tool 1.10 (written by random/random)
Run by Chichi at 2015-11-20 18:23:52
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 6 GB (5%) free of 122 GB
Total RAM: 8191 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:54, on 20.11.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.18631)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\ExMgr.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\QIP 2012\qip.exe
C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe
C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Chichi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Program Files\trend micro\Chichi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [Endeavors Technologies Application Jukebox Core] "C:\Program Files\Numecent\Application Jukebox Player\CoreCLI.exe" client start
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Chichi\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ATLMonitorService - Cmedia Electronics Inc - C:\Windows\system\MonitorService.exe
O23 - Service: ATLOISAService - Cmedia Electronics Inc. - C:\Windows\system\ATLOISAService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Streaming Core Service (StreamingCore) - Numecent, Inc. - C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12085 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {10FD6FD9-7367-4EF3-B170-26ABD25268BC}
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe"
"C:\Windows\SysWOW64\ExMgr.exe" Envoke
"C:\Program Files\ASUS Phoebus Audio Sound Card\CPL\Phoebus_x64.exe" /h /d
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files\Bentley\Bentley Live Player\bentleyliveplayer.exe" -ProviderTag=82233c04-154e-4caf-b22a-92ad3019c980 /NoSplashScreen /CheckAutoStart
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
"C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:/Users/Chichi/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe"
szndesktop.exe default start
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "1005598238875309863-277036628-70255691793243147-18818243861916025174-1710093901
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
"C:\Users\Chichi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe" /srv
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Numecent\Application Jukebox Player\CoreHelper.exe" -t 4294967295
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Users\Chichi\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DJK7lq2X6tnMCL9kwV6KZYcd1p.job - C:\Users\Chichi\AppData\Roaming\DJK7lq2X6tnMCL9kwV6KZYcd1p.exe --c=bL6MA1NUqq6dXNDEYoJEE2I6YWdcF30UX6r4IkQ29DiMW7TdGeQgw+7JMkaRP2wJtGmC6mzCvz6q5oXfg9ql6njF4+fq1mayOtLJg2fo4ZZ71AOrbpp0FBh3f+/vu+IL9ZekOoKORtEPAl3GjCtWsG9onfQc0hXa8iNkFC5XCJB6tVRDZ+x7QDySIyIBXcF0R21aNeM4Df502jpyhofEGkwAXq3cC3V+JLLuBexyIuLzvkPZDUpezLfBMUkJxkNALqOQXMmG4fwlC2ni9ax+FqV07h6CUX5ZJr2QzGmWikL8OKvtuCsAfLju1z6cfZ8NYoMnckuWHvEdLwOSViHeSA==
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\QTT1sr3Eymai.job - C:\Users\Chichi\AppData\Roaming\QTT1sr3Eymai.exe --c=kzA2irQdFLwKPa+DR7jRMOBtU3a6lgA5my3soyNEzWKb4qWeSPNPpV70+qW+K7UnEL/L1u/IOcEL2AWS925yoQj3odyZUP7zy70YdIzIUCZgoYysMuOTyNj4cXSeS64HoEftGf+KVE3DqP8fSShxuB56mWXn/LuFGba3+hatTYA1tfFkX8fPajFCaqlqt1uejDA5a7XJSwkUUM9fJJRds4FDbyJJwHq6+vGqLw5oVG40dAurvkfLLUmJ0cf582qf9AtnBiiM671p22CPl28R3znEuSC8eh66/L3j86NgONpKUsocQ9ORO1+IvjQRxF3YMegtWDytopxBj/6pVudDVg==

=========Mozilla firefox=========

ProfilePath - C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "keyword.URL" - "https://www.google.com/search/?trackid=sp-006"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll

C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default\searchplugins\
firmy.cz-172037.xml
google-avast.xml
seznam.cz-172037.xml
videa.seznam.cz-172037.xml
zbozi.cz-172037.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-31 655480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-31 559624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PheobusEX"=C:\Windows\syswow64\ExMgr.exe [2011-02-25 204800]
"GamecomSound"=C:\Program Files\ASUS Phoebus Audio Sound Card\CPL\Phoebus_x64.exe [2013-11-20 2384384]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-11-06 2464072]
"BentleyCloudPage"=C:\Program Files\Bentley\Bentley Live Player\bentleyliveplayer.exe [2014-08-28 8344928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-11-21 7063832]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"cz.seznam.software.autoupdate"=C:\Users\Chichi\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Akamai NetSession Interface"=C:\Users\Chichi\AppData\Local\Akamai\netsession_win.exe [2015-09-10 4691384]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2015-11-08 7935904]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2014-11-24 8505328]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"=C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31 508144]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-06 6111312]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]
"ADSKAppManager"=C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [2014-12-05 493960]
""= []
"Endeavors Technologies Application Jukebox Core"=C:\Program Files\Numecent\Application Jukebox Player\CoreCLI.exe [2014-02-04 243536]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-11-20 18:08:12 ----D---- C:\AdwCleaner
2015-11-20 16:52:44 ----D---- C:\rsit
2015-11-20 16:52:44 ----D---- C:\Program Files\trend micro
2015-11-20 16:36:14 ----D---- C:\Program Files\McAfee Security Scan
2015-11-19 19:00:36 ----D---- C:\Windows\system32\appmgmt
2015-11-19 18:58:01 ----D---- C:\Program Files (x86)\ca373d01-2b6e-4153-b669-af6ed8d41ee2
2015-11-19 18:57:04 ----D---- C:\Program Files (x86)\Opera
2015-11-18 21:05:14 ----D---- C:\ProgramData\CheckPoint
2015-11-18 21:05:10 ----D---- C:\Windows\Internet Logs
2015-11-18 21:05:02 ----D---- C:\Program Files (x86)\CheckPoint
2015-11-08 11:05:29 ----D---- C:\Program Files\TapinRadio
2015-11-08 10:38:42 ----D---- C:\Program Files (x86)\iRadio
2015-11-07 08:47:35 ----D---- C:\Users\Chichi\AppData\Roaming\NVIDIA
2015-11-02 11:28:48 ----A---- C:\ftconfig.ini
2015-11-01 16:26:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-11-01 12:29:33 ----D---- C:\Users\Chichi\AppData\Roaming\Bitmeter2
2015-11-01 12:29:33 ----D---- C:\ProgramData\Bitmeter2
2015-11-01 12:29:33 ----D---- C:\Program Files (x86)\Codebox

======List of files/folders modified in the last 1 month======

2015-11-20 18:23:54 ----D---- C:\Windows\Temp
2015-11-20 18:18:54 ----D---- C:\Windows\System32
2015-11-20 18:18:54 ----D---- C:\Windows\inf
2015-11-20 18:18:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-11-20 18:18:02 ----D---- C:\Users\Chichi\AppData\Roaming\Seznam.cz
2015-11-20 18:13:09 ----D---- C:\Windows\system32\config
2015-11-20 18:13:02 ----D---- C:\Program Files (x86)\QIP 2012
2015-11-20 18:12:58 ----D---- C:\ProgramData\NVIDIA
2015-11-20 18:12:56 ----D---- C:\Windows
2015-11-20 18:11:56 ----D---- C:\Windows\Tasks
2015-11-20 18:11:56 ----D---- C:\Windows\system32\Tasks
2015-11-20 18:11:53 ----RD---- C:\Program Files (x86)
2015-11-20 18:11:53 ----D---- C:\Windows\system32\drivers
2015-11-20 16:52:44 ----RD---- C:\Program Files
2015-11-20 16:36:13 ----D---- C:\Windows\system32\drivers\etc
2015-11-20 16:02:33 ----D---- C:\Windows\Prefetch
2015-11-19 20:43:00 ----D---- C:\Program Files (x86)\AGEIA Technologies
2015-11-19 19:15:07 ----D---- C:\Windows\winsxs
2015-11-19 19:05:10 ----SHD---- C:\Windows\Installer
2015-11-19 19:05:10 ----HD---- C:\Config.Msi
2015-11-19 19:05:03 ----D---- C:\Program Files (x86)\Common Files
2015-11-19 19:04:48 ----SHD---- C:\System Volume Information
2015-11-19 18:57:49 ----D---- C:\Windows\SysWOW64
2015-11-18 21:05:14 ----HD---- C:\ProgramData
2015-11-15 15:26:22 ----D---- C:\Windows\system32\NDF
2015-11-14 22:42:47 ----D---- C:\Users\Chichi\AppData\Roaming\vlc
2015-11-10 18:36:24 ----D---- C:\Windows\system32\catroot2
2015-11-09 19:28:41 ----D---- C:\ProgramData\Origin
2015-11-09 17:25:00 ----D---- C:\Program Files\SUPERAntiSpyware
2015-11-08 12:36:18 ----D---- C:\Windows\system32\LogFiles
2015-11-08 12:14:38 ----SD---- C:\ProgramData\Microsoft
2015-11-07 17:54:56 ----D---- C:\Program Files (x86)\Origin
2015-11-05 17:11:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-02 19:08:35 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-07-31 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-07-31 274808]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2015-07-31 115152]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-07-31 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-06 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-06 449992]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-12-01 283064]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 StreamingFSD;StreamingFSD; C:\Windows\system32\DRIVERS\StreamingFSD.sys [2014-02-04 751936]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-07-31 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-07-31 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-07-31 150672]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-07-31 273824]
R3 CmHdAudAddService;C-Media Function Driver for High Definition Audio Service; C:\Windows\system32\DRIVERS\CMHDAudioV64.sys [2013-07-17 67584]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-11-06 197408]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys []
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-10-03 38216]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 679936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdAppMgrSvc;Autodesk Application Manager Service; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2014-12-05 599944]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2015-02-05 31160]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-07-31 146600]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-06 1795912]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-11-12 934032]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-12 409800]
R2 StreamingCore;Streaming Core Service; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [2014-02-04 9238864]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-07-31 4047768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 ATLMonitorService;ATLMonitorService; C:\Windows\system\MonitorService.exe [2013-10-01 650752]
S3 ATLOISAService;ATLOISAService; C:\Windows\system\ATLOISAService.exe [2013-10-25 512000]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-05-25 1369856]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe [2015-10-30 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-01 149160]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-11-07 2099208]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 19:26
by Rudy
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left pane:
:files
C:\Users\Chichi\AppData\Local\Akamai
C:\Windows\tasks\DJK7lq2X6tnMCL9kwV6KZYcd1p.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\QTT1sr3Eymai.job
C:\Program Files\McAfee Security Scan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Turn off the antivirus before the scan, and restart the PC after it. Post a new RSIT log.

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 19:43
by Chichi
Logfile of random's system information tool 1.10 (written by random/random)
Run by Chichi at 2015-11-20 19:42:51
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 6 GB (5%) free of 122 GB
Total RAM: 8191 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:42:53, on 20.11.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.18631)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SysWOW64\ExMgr.exe
C:\Users\Chichi\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\QIP 2012\qip.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\Chichi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
C:\Program Files\trend micro\Chichi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
O4 - HKLM\..\Run: [Endeavors Technologies Application Jukebox Core] "C:\Program Files\Numecent\Application Jukebox Player\CoreCLI.exe" client start
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Chichi\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Autodesk Application Manager Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ATLMonitorService - Cmedia Electronics Inc - C:\Windows\system\MonitorService.exe
O23 - Service: ATLOISAService - Cmedia Electronics Inc. - C:\Windows\system\ATLOISAService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Streaming Core Service (StreamingCore) - Numecent, Inc. - C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11821 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {299ADDBD-1737-4FF4-A667-8BCD923D3217}
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {438C75DC-06E5-42F7-89A9-27074C724A3F}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe" /srv
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\11202015_193936.log
"C:\Windows\SysWOW64\ExMgr.exe" Envoke
"C:\Program Files\ASUS Phoebus Audio Sound Card\CPL\Phoebus_x64.exe" /h /d
"C:\Program Files\Bentley\Bentley Live Player\bentleyliveplayer.exe" -ProviderTag=82233c04-154e-4caf-b22a-92ad3019c980 /NoSplashScreen /CheckAutoStart
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Users\Chichi\AppData\Roaming\Seznam.cz\szninstall.exe" -c
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
szndesktop.exe default start
"C:\Program Files (x86)\QIP 2012\qip.exe" /autorun
"C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe "1654930178-1082891544-999905663-2816537471283580977155558645-1136313258-842083208
"C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Users\Chichi\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Numecent\Application Jukebox Player\CoreHelper.exe" -t 4294967295
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Chichi\Downloads\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "keyword.URL" - "https://www.google.com/search/?trackid=sp-006"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL


C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll

C:\Users\Chichi\AppData\Roaming\Mozilla\Firefox\Profiles\h9f3i4ph.default\searchplugins\
firmy.cz-172037.xml
google-avast.xml
seznam.cz-172037.xml
videa.seznam.cz-172037.xml
zbozi.cz-172037.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-31 655480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-31 559624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PheobusEX"=C:\Windows\syswow64\ExMgr.exe [2011-02-25 204800]
"GamecomSound"=C:\Program Files\ASUS Phoebus Audio Sound Card\CPL\Phoebus_x64.exe [2013-11-20 2384384]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-11-06 2464072]
"BentleyCloudPage"=C:\Program Files\Bentley\Bentley Live Player\bentleyliveplayer.exe [2014-08-28 8344928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-11-21 7063832]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"cz.seznam.software.autoupdate"=C:\Users\Chichi\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Chichi\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"SpybotPostWindows10UpgradeReInstall"=C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2015-11-08 7935904]
"Infium"=C:\Program Files (x86)\QIP 2012\qip.exe [2014-11-24 8505328]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"=C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31 508144]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-06 6111312]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"SDTray"=C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]
"ADSKAppManager"=C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [2014-12-05 493960]
""= []
"Endeavors Technologies Application Jukebox Core"=C:\Program Files\Numecent\Application Jukebox Player\CoreCLI.exe [2014-02-04 243536]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-11-20 19:39:36 ----D---- C:\_OTM
2015-11-20 18:08:12 ----D---- C:\AdwCleaner
2015-11-20 16:52:44 ----D---- C:\rsit
2015-11-20 16:52:44 ----D---- C:\Program Files\trend micro
2015-11-19 19:00:36 ----D---- C:\Windows\system32\appmgmt
2015-11-19 18:58:01 ----D---- C:\Program Files (x86)\ca373d01-2b6e-4153-b669-af6ed8d41ee2
2015-11-19 18:57:04 ----D---- C:\Program Files (x86)\Opera
2015-11-18 21:05:14 ----D---- C:\ProgramData\CheckPoint
2015-11-18 21:05:10 ----D---- C:\Windows\Internet Logs
2015-11-18 21:05:02 ----D---- C:\Program Files (x86)\CheckPoint
2015-11-08 11:05:29 ----D---- C:\Program Files\TapinRadio
2015-11-08 10:38:42 ----D---- C:\Program Files (x86)\iRadio
2015-11-07 08:47:35 ----D---- C:\Users\Chichi\AppData\Roaming\NVIDIA
2015-11-02 11:28:48 ----A---- C:\ftconfig.ini
2015-11-01 16:26:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-11-01 12:29:33 ----D---- C:\Users\Chichi\AppData\Roaming\Bitmeter2
2015-11-01 12:29:33 ----D---- C:\ProgramData\Bitmeter2
2015-11-01 12:29:33 ----D---- C:\Program Files (x86)\Codebox

======List of files/folders modified in the last 1 month======

2015-11-20 19:42:52 ----D---- C:\Windows\Temp
2015-11-20 19:42:12 ----D---- C:\Windows\system32\config
2015-11-20 19:42:10 ----D---- C:\Program Files (x86)\QIP 2012
2015-11-20 19:41:19 ----D---- C:\ProgramData\NVIDIA
2015-11-20 19:40:08 ----D---- C:\Windows\SysWOW64
2015-11-20 19:39:37 ----RD---- C:\Program Files
2015-11-20 19:39:37 ----D---- C:\Windows\Tasks
2015-11-20 18:18:54 ----D---- C:\Windows\System32
2015-11-20 18:18:54 ----D---- C:\Windows\inf
2015-11-20 18:18:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-11-20 18:18:02 ----D---- C:\Users\Chichi\AppData\Roaming\Seznam.cz
2015-11-20 18:12:56 ----D---- C:\Windows
2015-11-20 18:11:56 ----D---- C:\Windows\system32\Tasks
2015-11-20 18:11:53 ----RD---- C:\Program Files (x86)
2015-11-20 18:11:53 ----D---- C:\Windows\system32\drivers
2015-11-20 16:36:13 ----D---- C:\Windows\system32\drivers\etc
2015-11-20 16:02:33 ----D---- C:\Windows\Prefetch
2015-11-19 20:43:00 ----D---- C:\Program Files (x86)\AGEIA Technologies
2015-11-19 19:15:07 ----D---- C:\Windows\winsxs
2015-11-19 19:05:10 ----SHD---- C:\Windows\Installer
2015-11-19 19:05:10 ----HD---- C:\Config.Msi
2015-11-19 19:05:03 ----D---- C:\Program Files (x86)\Common Files
2015-11-19 19:04:48 ----SHD---- C:\System Volume Information
2015-11-18 21:05:14 ----HD---- C:\ProgramData
2015-11-15 15:26:22 ----D---- C:\Windows\system32\NDF
2015-11-14 22:42:47 ----D---- C:\Users\Chichi\AppData\Roaming\vlc
2015-11-10 18:36:24 ----D---- C:\Windows\system32\catroot2
2015-11-09 19:28:41 ----D---- C:\ProgramData\Origin
2015-11-09 17:25:00 ----D---- C:\Program Files\SUPERAntiSpyware
2015-11-08 12:36:18 ----D---- C:\Windows\system32\LogFiles
2015-11-08 12:14:38 ----SD---- C:\ProgramData\Microsoft
2015-11-07 17:54:56 ----D---- C:\Program Files (x86)\Origin
2015-11-05 17:11:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-02 19:08:35 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-07-31 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-07-31 274808]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2015-07-31 115152]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-07-31 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-06 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-06 449992]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-12-01 283064]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 StreamingFSD;StreamingFSD; C:\Windows\system32\DRIVERS\StreamingFSD.sys [2014-02-04 751936]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-07-31 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-07-31 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-07-31 150672]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-07-31 273824]
R3 CmHdAudAddService;C-Media Function Driver for High Definition Audio Service; C:\Windows\system32\DRIVERS\CMHDAudioV64.sys [2013-07-17 67584]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2014-11-06 197408]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys []
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-10-03 38216]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 xnacc;Služba ovladače pro řadič XBOX 360 pro systém Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-14 679936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-07-23 172344]
R2 AdAppMgrSvc;Autodesk Application Manager Service; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [2014-12-05 599944]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2015-02-05 31160]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-07-31 146600]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-06 1795912]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-11-12 934032]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-12 409800]
R2 StreamingCore;Streaming Core Service; C:\Program Files\Numecent\Application Jukebox Player\StreamingCore.exe [2014-02-04 9238864]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-07-31 4047768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 ATLMonitorService;ATLMonitorService; C:\Windows\system\MonitorService.exe [2013-10-01 650752]
S3 ATLOISAService;ATLOISAService; C:\Windows\system\ATLOISAService.exe [2013-10-25 512000]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-05-25 1369856]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.226\McCHSvc.exe []
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-01 149160]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-11-07 2099208]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 20:57
by Rudy
Deleted. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 21:13
by Chichi
It looks like it's fine now. The internet even seems a bit faster to me. Thanks a lot.

Re: unwanted pop-up windows in the browser

Posted: 20 Nov 2015 22:03
by Rudy
You're welcome! :)