Připojování PC k neznámé adrese

Zpráva

czerwis · #1 Příspěvek od **czerwis** » 13 kvě 2014 07:35

Zdravím,
prosím o kontrolu logu:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Cerwis at 2014-05-13 08:31:25
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 77 GB (67%) free of 114 GB
Total RAM: 8153 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:32:09, on 13.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Cerwis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 8288 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe"
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2980.0.555712176\592883242" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,28,34 --gpu-vendor-id=0x10de --gpu-device-id=0x0640 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3523 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000910
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_RestoreNavsuggestControl_Stable/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group1 pct:10a stable:r2/ExtensionInstallVerification/Bootstrap/GoogleNow/Default/OmniboxBundledExperimentV1/StableBookmarkValue10LaunchCandidateControl/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_17/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="2980.3.506913394\1239620392" /prefetch:673131151
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2980.6.470577121\1464920310" --ppapi-flash-args --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_RestoreNavsuggestControl_Stable/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group1 pct:10a stable:r2/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/Disabled/GoogleNow/Default/OmniboxBundledExperimentV1/StableBookmarkValue10LaunchCandidateControl/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_17/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="2980.7.1921908671\925584550" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_RestoreNavsuggestControl_Stable/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group1 pct:10a stable:r2/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/Disabled/GoogleNow/Default/OmniboxBundledExperimentV1/StableBookmarkValue10LaunchCandidateControl/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_17/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="2980.8.278833386\1490361845" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_RestoreNavsuggestControl_Stable/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group1 pct:10a stable:r2/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/Disabled/GoogleNow/Default/OmniboxBundledExperimentV1/StableBookmarkValue10LaunchCandidateControl/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_17/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="2980.10.67534306\687487155" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/Postperiod_RestoreNavsuggestControl_Stable/BrowserBlacklist/Enabled/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group1 pct:10a stable:r2/ExtensionInstallVerification/Bootstrap/FlashHardwareVideoDecode/Disabled/GoogleNow/Default/OmniboxBundledExperimentV1/StableBookmarkValue10LaunchCandidateControl/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_17/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="2980.11.1053874351\1865544621" /prefetch:673131151
"D:\Utils\Antiviry\RSITx64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-03-20 1797064]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-08-09 5263504]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2014-02-25 689744]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2013-12-16 73832]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2014-05-05 182352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-05-13 08:31:25 ----D---- C:\rsit
2014-05-13 08:31:25 ----D---- C:\Program Files\trend micro
2014-05-12 11:22:38 ----SHD---- C:\Config.Msi
2014-05-09 19:21:32 ----D---- C:\Program Files\CCleaner
2014-05-03 12:32:06 ----D---- C:\Program Files (x86)\MyFree Codec
2014-05-03 12:31:29 ----A---- C:\Windows\system32\WinUSBCoInstaller.dll
2014-05-03 12:31:29 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2014-05-03 12:31:29 ----A---- C:\Windows\system32\drivers\ssudmdm.sys
2014-05-03 12:31:29 ----A---- C:\Windows\system32\drivers\ssudbus.sys
2014-05-03 12:19:54 ----D---- C:\Program Files (x86)\MarkAny
2014-05-03 12:17:49 ----D---- C:\Users\Cerwis\AppData\Roaming\Samsung
2014-05-03 12:16:04 ----A---- C:\Windows\SYSWOW64\secman.dll
2014-05-03 12:16:03 ----A---- C:\Windows\SYSWOW64\Redemption.dll
2014-05-03 12:15:31 ----D---- C:\ProgramData\Samsung
2014-05-03 12:15:31 ----D---- C:\Program Files (x86)\Samsung
2014-05-02 15:43:39 ----D---- C:\Users\Cerwis\AppData\Roaming\Malwarebytes
2014-05-02 15:43:27 ----D---- C:\ProgramData\Malwarebytes
2014-05-02 15:43:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-05-02 15:43:26 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-05-02 13:57:39 ----D---- C:\Program Files (x86)\DtsFilter
2014-05-02 13:55:30 ----D---- C:\ProgramData\GRETECH
2014-05-02 13:55:02 ----D---- C:\Users\Cerwis\AppData\Roaming\GRETECH
2014-05-02 13:54:57 ----D---- C:\Program Files (x86)\GRETECH
2014-05-02 13:32:31 ----D---- C:\Program Files (x86)\VideoLAN
2014-05-02 03:00:23 ----A---- C:\Windows\system32\mshtml.dll
2014-05-02 03:00:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-04-26 18:21:03 ----D---- C:\Users\Cerwis\AppData\Roaming\uTorrent
2014-04-26 08:06:26 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-04-26 08:06:22 ----D---- C:\Program Files (x86)\CheckPoint
2014-04-26 08:01:51 ----SD---- C:\Windows\system32\CompatTel
2014-04-26 08:01:43 ----A---- C:\Windows\system32\aepdu.dll
2014-04-26 08:01:43 ----A---- C:\Windows\system32\aeinv.dll
2014-04-19 10:04:18 ----D---- C:\Program Files (x86)\Microsoft Works
2014-04-19 10:04:12 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2014-04-19 10:03:59 ----D---- C:\Windows\PCHEALTH
2014-04-19 10:02:29 ----D---- C:\Program Files\Microsoft Office
2014-04-19 10:02:27 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-04-19 10:02:15 ----D---- C:\ProgramData\Microsoft Help
2014-04-19 10:02:15 ----D---- C:\Program Files (x86)\Microsoft Office
2014-04-19 10:02:02 ----RHD---- C:\MSOCache
2014-04-19 10:01:19 ----D---- C:\Users\Cerwis\AppData\Roaming\WinRAR
2014-04-19 10:00:56 ----D---- C:\Program Files (x86)\WinRAR
2014-04-19 09:32:22 ----D---- C:\Users\Cerwis\AppData\Roaming\GHISLER
2014-04-19 09:32:22 ----D---- C:\Program Files\totalcmd
2014-04-19 09:32:22 ----A---- C:\Windows\UC.PIF
2014-04-19 09:32:22 ----A---- C:\Windows\RAR.PIF
2014-04-19 09:32:22 ----A---- C:\Windows\PKZIP.PIF
2014-04-19 09:32:22 ----A---- C:\Windows\PKUNZIP.PIF
2014-04-19 09:32:22 ----A---- C:\Windows\NOCLOSE.PIF
2014-04-19 09:32:22 ----A---- C:\Windows\LHA.PIF
2014-04-19 09:32:22 ----A---- C:\Windows\ARJ.PIF
2014-04-19 07:32:22 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-04-19 07:32:22 ----A---- C:\Windows\system32\mstscax.dll
2014-04-18 10:47:25 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-04-18 10:47:25 ----A---- C:\Windows\system32\ieui.dll
2014-04-18 10:47:23 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-18 10:47:23 ----A---- C:\Windows\system32\vbscript.dll
2014-04-18 10:47:21 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 10:47:21 ----A---- C:\Windows\system32\iernonce.dll
2014-04-18 10:47:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-04-18 10:47:21 ----A---- C:\Windows\system32\ie4uinit.exe
2014-04-18 10:47:20 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-04-18 10:47:20 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-04-18 10:47:20 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-04-18 10:47:20 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-04-18 10:47:20 ----A---- C:\Windows\system32\msrating.dll
2014-04-18 10:47:20 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-18 10:47:20 ----A---- C:\Windows\system32\jscript9diag.dll
2014-04-18 10:47:20 ----A---- C:\Windows\system32\dxtrans.dll
2014-04-18 10:47:20 ----A---- C:\Windows\system32\dxtmsft.dll
2014-04-18 10:47:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-04-18 10:47:19 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-04-18 10:47:19 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-04-18 10:47:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-04-18 10:47:19 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-04-18 10:47:19 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-18 10:47:19 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-18 10:47:19 ----A---- C:\Windows\system32\iesetup.dll
2014-04-18 10:47:17 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-04-18 10:47:17 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-04-18 10:47:17 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-04-18 10:47:17 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-18 10:47:17 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-04-18 10:47:17 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-04-18 10:47:17 ----A---- C:\Windows\system32\ieapfltr.dll
2014-04-18 10:47:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-04-18 10:47:16 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-04-18 10:47:16 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-04-18 10:47:16 ----A---- C:\Windows\system32\wininet.dll
2014-04-18 10:47:16 ----A---- C:\Windows\system32\urlmon.dll
2014-04-18 10:47:16 ----A---- C:\Windows\system32\iertutil.dll
2014-04-18 10:47:15 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-04-18 10:47:15 ----A---- C:\Windows\system32\ieframe.dll
2014-04-18 10:47:14 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-04-18 10:47:14 ----A---- C:\Windows\system32\jscript9.dll
2014-04-18 09:07:04 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-18 09:07:03 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-04-18 09:07:03 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-04-18 09:07:03 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-04-18 09:07:03 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-04-18 09:07:03 ----A---- C:\Windows\system32\wksprtPS.dll
2014-04-18 09:07:03 ----A---- C:\Windows\system32\wksprt.exe
2014-04-18 09:07:03 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-04-18 09:07:03 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-18 09:07:03 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-18 09:07:03 ----A---- C:\Windows\system32\tsgqec.dll
2014-04-18 09:07:03 ----A---- C:\Windows\system32\mstsc.exe
2014-04-18 09:07:03 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-04-18 09:07:03 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-04-18 09:07:02 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2014-04-18 09:07:02 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-04-18 09:05:04 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-04-18 09:05:04 ----A---- C:\Windows\system32\drivers\TsUsbGD.sys
2014-04-18 09:05:04 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2014-04-18 09:05:03 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2014-04-18 09:05:03 ----A---- C:\Windows\system32\rdpudd.dll
2014-04-18 09:05:03 ----A---- C:\Windows\system32\rdpendp_winip.dll
2014-04-18 09:05:03 ----A---- C:\Windows\system32\rdpcorets.dll
2014-04-18 09:03:23 ----D---- C:\ProgramData\NVIDIA
2014-04-18 09:03:17 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-04-18 09:03:13 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe
2014-04-18 09:03:06 ----A---- C:\Windows\system32\nvvsvc.exe
2014-04-18 09:03:06 ----A---- C:\Windows\system32\nvsvcr.dll
2014-04-18 09:03:06 ----A---- C:\Windows\system32\nvsvc64.dll
2014-04-18 09:03:06 ----A---- C:\Windows\system32\nvshext.dll
2014-04-18 09:03:06 ----A---- C:\Windows\system32\nvmctray.dll
2014-04-18 09:03:06 ----A---- C:\Windows\system32\nvcpl.dll
2014-04-18 09:02:55 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2014-04-18 09:02:55 ----A---- C:\Windows\system32\OpenCL.dll
2014-04-18 09:02:48 ----D---- C:\ProgramData\NVIDIA Corporation
2014-04-18 09:02:45 ----D---- C:\Program Files\NVIDIA Corporation
2014-04-18 08:37:59 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-04-18 08:37:59 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-04-18 08:37:43 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-04-18 08:37:43 ----A---- C:\Windows\system32\qdvd.dll
2014-04-18 06:26:33 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2014-04-18 06:26:33 ----A---- C:\Windows\SYSWOW64\explorer.exe
2014-04-18 06:26:33 ----A---- C:\Windows\explorer.exe
2014-04-18 06:26:32 ----A---- C:\Windows\system32\WMPhoto.dll
2014-04-18 06:26:31 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-04-18 06:26:31 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-04-18 06:26:31 ----A---- C:\Windows\system32\d3d10warp.dll
2014-04-18 06:26:31 ----A---- C:\Windows\system32\d2d1.dll
2014-04-18 06:23:10 ----A---- C:\Windows\SYSWOW64\fsutil.exe
2014-04-18 06:23:10 ----A---- C:\Windows\SYSWOW64\esent.dll
2014-04-18 06:23:10 ----A---- C:\Windows\system32\fsutil.exe
2014-04-18 06:23:10 ----A---- C:\Windows\system32\esent.dll
2014-04-18 06:23:10 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2014-04-18 06:23:10 ----A---- C:\Windows\system32\drivers\nvstor.sys
2014-04-18 06:23:10 ----A---- C:\Windows\system32\drivers\nvraid.sys
2014-04-18 06:23:10 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2014-04-18 06:23:10 ----A---- C:\Windows\system32\drivers\amdxata.sys
2014-04-18 06:23:10 ----A---- C:\Windows\system32\drivers\amdsata.sys
2014-04-18 06:23:08 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-04-18 06:23:08 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-04-18 06:23:05 ----A---- C:\Windows\system32\spoolsv.exe
2014-04-18 06:23:05 ----A---- C:\Windows\splwow64.exe
2014-04-18 03:03:31 ----A---- C:\Windows\system32\IEUDINIT.EXE
2014-04-18 03:01:30 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2014-04-18 03:01:28 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2014-04-18 03:01:28 ----A---- C:\Windows\SYSWOW64\msls31.dll
2014-04-18 03:01:28 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2014-04-18 03:01:28 ----A---- C:\Windows\system32\elshyph.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\wextract.exe
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\url.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\occache.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\mshta.exe
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\inseng.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2014-04-18 03:01:27 ----A---- C:\Windows\SYSWOW64\icardie.dll
2014-04-18 03:01:27 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2014-04-18 03:01:27 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-18 03:01:27 ----A---- C:\Windows\system32\msls31.dll
2014-04-18 03:01:27 ----A---- C:\Windows\system32\mshtmler.dll
2014-04-18 03:01:27 ----A---- C:\Windows\system32\msfeedssync.exe
2014-04-18 03:01:27 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-04-18 03:01:27 ----A---- C:\Windows\system32\jsIntl.dll
2014-04-18 03:01:27 ----A---- C:\Windows\system32\iesysprep.dll
2014-04-18 03:01:27 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\wextract.exe
2014-04-18 03:01:26 ----A---- C:\Windows\system32\webcheck.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\url.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\pngfilt.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\occache.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\mshtmled.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\mshta.exe
2014-04-18 03:01:26 ----A---- C:\Windows\system32\licmgr10.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\jscript.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\inseng.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\imgutil.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\iexpress.exe
2014-04-18 03:01:26 ----A---- C:\Windows\system32\iepeers.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\iedkcs32.dll
2014-04-18 03:01:26 ----A---- C:\Windows\system32\icardie.dll
2014-04-18 03:00:47 ----D---- C:\Windows\SYSWOW64\Wat
2014-04-18 03:00:47 ----D---- C:\Windows\system32\Wat
2014-04-17 17:46:16 ----A---- C:\Windows\system32\drivers\avnetflt.sys
2014-04-17 13:45:16 ----D---- C:\Users\Cerwis\AppData\Roaming\Adobe
2014-04-17 13:37:59 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2014-04-17 13:37:59 ----A---- C:\Windows\SYSWOW64\wmp.dll
2014-04-17 13:37:59 ----A---- C:\Windows\system32\wmploc.DLL
2014-04-17 13:37:58 ----A---- C:\Windows\system32\wmp.dll
2014-04-17 13:27:55 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-04-17 13:27:13 ----D---- C:\Windows\Migration
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-17 12:47:48 ----AH---- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\WindowsCodecsExt.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\UIAnimation.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\dxgi.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\d3d10core.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2014-04-17 12:47:48 ----A---- C:\Windows\SYSWOW64\d3d10.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\XpsPrint.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\UIAnimation.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\FntCache.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\dxgi.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\DWrite.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\d3d10level9.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\d3d10core.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\d3d10_1core.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\d3d10_1.dll
2014-04-17 12:47:48 ----A---- C:\Windows\system32\d3d10.dll
2014-04-17 12:40:25 ----A---- C:\Windows\system32\browserchoice.exe
2014-04-17 12:31:08 ----A---- C:\Windows\system32\WUDFx.dll
2014-04-17 12:31:08 ----A---- C:\Windows\system32\WUDFSvc.dll
2014-04-17 12:31:08 ----A---- C:\Windows\system32\WUDFPlatform.dll
2014-04-17 12:31:08 ----A---- C:\Windows\system32\WUDFHost.exe
2014-04-17 12:31:08 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2014-04-17 12:31:08 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2014-04-17 12:31:08 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2014-04-17 12:28:00 ----D---- C:\Windows\system32\MRT
2014-04-17 12:27:59 ----A---- C:\Windows\system32\MRT.exe
2014-04-17 12:27:21 ----A---- C:\Windows\SYSWOW64\wmi.dll
2014-04-17 12:27:21 ----A---- C:\Windows\system32\wmi.dll
2014-04-17 12:27:21 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-04-17 12:04:19 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-04-17 12:04:19 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-04-17 12:04:19 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-04-17 12:04:19 ----A---- C:\Windows\system32\secproc_isv.dll
2014-04-17 12:04:19 ----A---- C:\Windows\system32\secproc.dll
2014-04-17 12:04:19 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-17 12:04:19 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-04-17 12:04:19 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-04-17 12:04:19 ----A---- C:\Windows\system32\RMActivate.exe
2014-04-17 12:04:19 ----A---- C:\Windows\system32\msdrm.dll
2014-04-17 12:03:51 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2014-04-17 12:03:51 ----A---- C:\Windows\system32\smss.exe
2014-04-17 12:03:51 ----A---- C:\Windows\system32\csrsrv.dll
2014-04-17 12:03:51 ----A---- C:\Windows\system32\apisetschema.dll
2014-04-17 12:03:43 ----A---- C:\Windows\system32\Wpc.dll
2014-04-17 12:03:43 ----A---- C:\Windows\system32\gameux.dll
2014-04-17 12:03:42 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2014-04-17 12:03:42 ----A---- C:\Windows\SYSWOW64\gameux.dll
2014-04-17 12:03:10 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2014-04-17 12:03:10 ----A---- C:\Windows\system32\wintrust.dll
2014-04-17 12:03:07 ----A---- C:\Windows\SYSWOW64\certutil.exe
2014-04-17 12:03:07 ----A---- C:\Windows\SYSWOW64\certenc.dll
2014-04-17 12:03:07 ----A---- C:\Windows\system32\certutil.exe
2014-04-17 12:03:07 ----A---- C:\Windows\system32\certenc.dll
2014-04-17 12:03:03 ----A---- C:\Windows\system32\consent.exe
2014-04-17 12:03:03 ----A---- C:\Windows\system32\appinfo.dll
2014-04-17 12:02:58 ----A---- C:\Windows\SYSWOW64\d3d11.dll
2014-04-17 12:02:58 ----A---- C:\Windows\system32\d3d11.dll
2014-04-17 12:02:57 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2014-04-17 12:02:57 ----A---- C:\Windows\system32\imagehlp.dll
2014-04-17 12:02:57 ----A---- C:\Windows\system32\drivers\usb8023.sys
2014-04-17 12:02:55 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-04-17 12:02:55 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-04-17 12:02:55 ----A---- C:\Windows\system32\Wdfres.dll
2014-04-17 12:02:55 ----A---- C:\Windows\system32\msxml3r.dll
2014-04-17 12:02:55 ----A---- C:\Windows\system32\msxml3.dll
2014-04-17 12:02:55 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2014-04-17 12:02:55 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2014-04-17 12:02:33 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2014-04-17 12:02:33 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2014-04-17 12:02:33 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-04-17 12:02:33 ----A---- C:\Windows\system32\cryptsvc.dll
2014-04-17 12:02:33 ----A---- C:\Windows\system32\cryptnet.dll
2014-04-17 12:02:33 ----A---- C:\Windows\system32\crypt32.dll
2014-04-17 12:02:12 ----A---- C:\Windows\system32\rpcrt4.dll
2014-04-17 12:02:11 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-04-17 12:02:11 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2014-04-17 12:02:11 ----A---- C:\Windows\SYSWOW64\lpk.dll
2014-04-17 12:02:11 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2014-04-17 12:02:11 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2014-04-17 12:02:11 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2014-04-17 12:02:11 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2014-04-17 12:02:11 ----A---- C:\Windows\system32\win32k.sys
2014-04-17 12:02:11 ----A---- C:\Windows\system32\mswsock.dll
2014-04-17 12:02:11 ----A---- C:\Windows\system32\lpk.dll
2014-04-17 12:02:11 ----A---- C:\Windows\system32\fontsub.dll
2014-04-17 12:02:11 ----A---- C:\Windows\system32\dciman32.dll
2014-04-17 12:02:11 ----A---- C:\Windows\system32\atmlib.dll
2014-04-17 12:02:11 ----A---- C:\Windows\system32\atmfd.dll
2014-04-17 12:02:09 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-04-17 12:02:08 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-04-17 12:02:08 ----A---- C:\Windows\system32\tzres.dll
2014-04-17 12:02:07 ----A---- C:\Windows\system32\drivers\portcls.sys
2014-04-17 12:02:07 ----A---- C:\Windows\system32\drivers\drmk.sys
2014-04-17 12:02:06 ----A---- C:\Windows\SYSWOW64\msieftp.dll
2014-04-17 12:02:06 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2014-04-17 12:02:06 ----A---- C:\Windows\system32\msieftp.dll
2014-04-17 12:02:06 ----A---- C:\Windows\system32\comctl32.dll
2014-04-17 12:02:05 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2014-04-17 12:02:05 ----A---- C:\Windows\system32\ntshrui.dll
2014-04-17 12:01:55 ----A---- C:\Windows\system32\rdrmemptylst.exe
2014-04-17 12:01:55 ----A---- C:\Windows\system32\rdpwsx.dll
2014-04-17 12:01:55 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-04-17 12:01:23 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2014-04-17 12:01:23 ----A---- C:\Windows\system32\netcorehc.dll
2014-04-17 12:01:23 ----A---- C:\Windows\system32\ncsi.dll
2014-04-17 12:01:23 ----A---- C:\Windows\system32\iphlpsvc.dll
2014-04-17 12:01:22 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2014-04-17 12:01:22 ----A---- C:\Windows\SYSWOW64\netevent.dll
2014-04-17 12:01:22 ----A---- C:\Windows\SYSWOW64\netcorehc.dll
2014-04-17 12:01:22 ----A---- C:\Windows\system32\nlasvc.dll
2014-04-17 12:01:22 ----A---- C:\Windows\system32\nlaapi.dll
2014-04-17 12:01:22 ----A---- C:\Windows\system32\netevent.dll
2014-04-17 12:01:22 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2014-04-17 12:01:21 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-04-17 12:01:21 ----A---- C:\Windows\system32\schannel.dll
2014-04-17 12:01:21 ----A---- C:\Windows\system32\drivers\cng.sys
2014-04-17 12:01:20 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-04-17 12:01:20 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-04-17 12:01:20 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-04-17 12:01:20 ----A---- C:\Windows\system32\sspisrv.dll
2014-04-17 12:01:20 ----A---- C:\Windows\system32\sspicli.dll
2014-04-17 12:01:20 ----A---- C:\Windows\system32\secur32.dll
2014-04-17 12:01:20 ----A---- C:\Windows\system32\ncrypt.dll
2014-04-17 12:01:20 ----A---- C:\Windows\system32\lsass.exe
2014-04-17 12:01:20 ----A---- C:\Windows\system32\lsasrv.dll
2014-04-17 12:01:20 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-04-17 12:01:20 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2014-04-17 12:01:18 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-04-17 12:01:18 ----A---- C:\Windows\system32\msxml6.dll
2014-04-17 12:01:14 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2014-04-17 12:01:14 ----A---- C:\Windows\SYSWOW64\credui.dll
2014-04-17 12:01:14 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-04-17 12:01:14 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-17 12:01:14 ----A---- C:\Windows\system32\credui.dll
2014-04-17 12:01:14 ----A---- C:\Windows\system32\authui.dll
2014-04-17 12:01:12 ----A---- C:\Windows\SYSWOW64\dhcpcsvc6.dll
2014-04-17 12:01:12 ----A---- C:\Windows\SYSWOW64\dhcpcore6.dll
2014-04-17 12:01:12 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2014-04-17 12:01:12 ----A---- C:\Windows\system32\dhcpcore6.dll
2014-04-17 12:01:07 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2014-04-17 12:01:07 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2014-04-17 12:01:07 ----A---- C:\Windows\system32\tdh.dll
2014-04-17 12:01:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-04-17 12:01:07 ----A---- C:\Windows\system32\ntdll.dll
2014-04-17 12:01:07 ----A---- C:\Windows\system32\advapi32.dll
2014-04-17 12:01:06 ----A---- C:\Windows\SYSWOW64\tdh.dll
2014-04-17 12:01:06 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2014-04-17 12:01:06 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2014-04-17 12:01:03 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-04-17 12:01:03 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2014-04-17 12:01:03 ----A---- C:\Windows\SYSWOW64\browcli.dll
2014-04-17 12:01:03 ----A---- C:\Windows\system32\usp10.dll
2014-04-17 12:01:03 ----A---- C:\Windows\system32\netapi32.dll
2014-04-17 12:01:03 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-04-17 12:01:03 ----A---- C:\Windows\system32\browser.dll
2014-04-17 12:01:03 ----A---- C:\Windows\system32\browcli.dll
2014-04-17 12:01:02 ----A---- C:\Windows\system32\tquery.dll
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\netio.sys
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\hidparse.sys
2014-04-17 12:01:02 ----A---- C:\Windows\system32\drivers\hidclass.sys
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\tquery.dll
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\mssph.dll
2014-04-17 12:01:01 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2014-04-17 12:01:01 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2014-04-17 12:01:01 ----A---- C:\Windows\system32\SearchIndexer.exe
2014-04-17 12:01:01 ----A---- C:\Windows\system32\SearchFilterHost.exe
2014-04-17 12:01:01 ----A---- C:\Windows\system32\mssvp.dll
2014-04-17 12:01:01 ----A---- C:\Windows\system32\mssrch.dll
2014-04-17 12:01:01 ----A---- C:\Windows\system32\mssphtb.dll
2014-04-17 12:01:01 ----A---- C:\Windows\system32\mssph.dll
2014-04-17 12:01:01 ----A---- C:\Windows\system32\msscntrs.dll
2014-04-17 12:00:49 ----A---- C:\Windows\SYSWOW64\quartz.dll
2014-04-17 12:00:49 ----A---- C:\Windows\system32\quartz.dll
2014-04-17 12:00:27 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2014-04-17 12:00:27 ----A---- C:\Windows\system32\drivers\ndis.sys
2014-04-17 11:59:52 ----A---- C:\Windows\system32\shell32.dll
2014-04-17 11:59:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-04-17 11:59:51 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2014-04-17 11:59:51 ----A---- C:\Windows\system32\shdocvw.dll
2014-04-17 11:59:33 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-04-17 11:59:32 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2014-04-17 11:59:32 ----A---- C:\Windows\system32\cdosys.dll
2014-04-17 11:59:31 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2014-04-17 11:59:31 ----A---- C:\Windows\system32\poqexec.exe
2014-04-17 11:59:30 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2014-04-17 11:59:30 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2014-04-17 11:59:30 ----A---- C:\Windows\SYSWOW64\mfc42u.dll
2014-04-17 11:59:30 ----A---- C:\Windows\SYSWOW64\mfc42.dll
2014-04-17 11:59:30 ----A---- C:\Windows\system32\WMVDECOD.DLL
2014-04-17 11:59:30 ----A---- C:\Windows\system32\win32spl.dll
2014-04-17 11:59:30 ----A---- C:\Windows\system32\mfc42u.dll
2014-04-17 11:59:30 ----A---- C:\Windows\system32\mfc42.dll
2014-04-17 11:59:29 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-17 11:59:29 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-17 11:59:29 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-17 11:59:29 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-17 11:59:29 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-17 11:59:27 ----A---- C:\Windows\system32\OxpsConverter.exe
2014-04-17 11:59:26 ----A---- C:\Windows\SYSWOW64\webio.dll
2014-04-17 11:59:26 ----A---- C:\Windows\SYSWOW64\odbctrac.dll
2014-04-17 11:59:26 ----A---- C:\Windows\SYSWOW64\odbcjt32.dll
2014-04-17 11:59:26 ----A---- C:\Windows\SYSWOW64\odbccu32.dll
2014-04-17 11:59:26 ----A---- C:\Windows\SYSWOW64\odbccr32.dll
2014-04-17 11:59:26 ----A---- C:\Windows\SYSWOW64\odbccp32.dll
2014-04-17 11:59:26 ----A---- C:\Windows\system32\webio.dll
2014-04-17 11:59:26 ----A---- C:\Windows\system32\odbctrac.dll
2014-04-17 11:59:26 ----A---- C:\Windows\system32\odbccu32.dll
2014-04-17 11:59:26 ----A---- C:\Windows\system32\odbccr32.dll
2014-04-17 11:59:26 ----A---- C:\Windows\system32\odbccp32.dll
2014-04-17 11:59:25 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2014-04-17 11:59:25 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2014-04-17 11:59:25 ----A---- C:\Windows\system32\WebClnt.dll
2014-04-17 11:59:25 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2014-04-17 11:59:25 ----A---- C:\Windows\system32\davclnt.dll
2014-04-17 11:59:24 ----A---- C:\Windows\SYSWOW64\dnscacheugc.exe
2014-04-17 11:59:24 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2014-04-17 11:59:24 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2014-04-17 11:59:24 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2014-04-17 11:59:24 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2014-04-17 11:59:24 ----A---- C:\Windows\system32\drivers\afd.sys
2014-04-17 11:59:24 ----A---- C:\Windows\system32\dnsrslvr.dll
2014-04-17 11:59:24 ----A---- C:\Windows\system32\dnscacheugc.exe
2014-04-17 11:59:24 ----A---- C:\Windows\system32\dnsapi.dll
2014-04-17 11:59:23 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-04-17 11:59:23 ----A---- C:\Windows\SYSWOW64\sbe.dll
2014-04-17 11:59:23 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2014-04-17 11:59:23 ----A---- C:\Windows\system32\wer.dll
2014-04-17 11:59:23 ----A---- C:\Windows\system32\sbe.dll
2014-04-17 11:59:23 ----A---- C:\Windows\system32\CPFilters.dll
2014-04-17 11:59:22 ----A---- C:\Windows\system32\profsvc.dll
2014-04-17 11:59:22 ----A---- C:\Windows\system32\drivers\usbcir.sys
2014-04-17 11:59:22 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-04-17 11:59:21 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2014-04-17 11:59:21 ----A---- C:\Windows\system32\psisdecd.dll
2014-04-17 11:59:21 ----A---- C:\Windows\system32\drivers\ataport.sys
2014-04-17 11:59:20 ----A---- C:\Windows\SYSWOW64\xmllite.dll
2014-04-17 11:59:20 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2014-04-17 11:59:20 ----A---- C:\Windows\system32\xmllite.dll
2014-04-17 11:59:20 ----A---- C:\Windows\system32\wwansvc.dll
2014-04-17 11:59:20 ----A---- C:\Windows\system32\wwanprotdim.dll
2014-04-17 11:59:20 ----A---- C:\Windows\system32\dpnet.dll
2014-04-17 11:59:18 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll
2014-04-17 11:59:18 ----A---- C:\Windows\system32\cryptdlg.dll
2014-04-17 11:59:17 ----A---- C:\Windows\system32\srcore.dll
2014-04-17 11:59:16 ----A---- C:\Windows\SYSWOW64\srclient.dll
2014-04-17 11:59:16 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-04-17 11:59:16 ----A---- C:\Windows\system32\gdi32.dll
2014-04-17 11:59:16 ----A---- C:\Windows\system32\drivers\srv2.sys
2014-04-17 11:59:16 ----A---- C:\Windows\system32\drivers\srv.sys
2014-04-17 11:59:16 ----A---- C:\Windows\system32\drivers\fvevol.sys
2014-04-17 11:59:15 ----A---- C:\Windows\system32\drivers\srvnet.sys
2014-04-17 11:59:08 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-04-17 11:59:08 ----A---- C:\Windows\system32\kerberos.dll
2014-04-17 11:59:06 ----A---- C:\Windows\SYSWOW64\synceng.dll
2014-04-17 11:59:06 ----A---- C:\Windows\system32\synceng.dll
2014-04-17 11:59:06 ----A---- C:\Windows\system32\localspl.dll
2014-04-17 11:58:57 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-04-17 11:58:57 ----A---- C:\Windows\system32\msi.dll
2014-04-17 11:58:49 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-04-17 11:58:49 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-04-17 11:58:49 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2014-04-17 11:58:49 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-17 11:58:49 ----A---- C:\Windows\system32\oleaut32.dll
2014-04-17 11:58:49 ----A---- C:\Windows\system32\oleacc.dll
2014-04-17 11:58:48 ----A---- C:\Windows\system32\FXSCOVER.exe
2014-04-17 11:58:09 ----A---- C:\Windows\system32\drivers\partmgr.sys
2014-04-17 11:58:08 ----A---- C:\Windows\SYSWOW64\prevhost.exe
2014-04-17 11:58:08 ----A---- C:\Windows\system32\prevhost.exe
2014-04-17 11:58:06 ----A---- C:\Windows\system32\taskhost.exe
2014-04-17 11:58:00 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-17 11:58:00 ----A---- C:\Windows\system32\wow64win.dll
2014-04-17 11:58:00 ----A---- C:\Windows\system32\wow64.dll
2014-04-17 11:58:00 ----A---- C:\Windows\system32\winsrv.dll
2014-04-17 11:58:00 ----A---- C:\Windows\system32\KernelBase.dll
2014-04-17 11:58:00 ----A---- C:\Windows\system32\kernel32.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-17 11:57:59 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-17 11:57:59 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-17 11:57:59 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-17 11:57:59 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-17 11:57:59 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-17 11:57:59 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2014-04-17 11:57:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-17 11:57:59 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-17 11:57:59 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-17 11:57:59 ----A---- C:\Windows\system32\conhost.exe
2014-04-17 11:57:31 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-17 11:57:23 ----A---- C:\Windows\system32\scavengeui.dll
2014-04-17 11:57:21 ----A---- C:\Windows\system32\winresume.exe
2014-04-17 11:57:21 ----A---- C:\Windows\system32\winload.exe
2014-04-17 11:57:21 ----A---- C:\Windows\system32\kdusb.dll
2014-04-17 11:57:21 ----A---- C:\Windows\system32\kd1394.dll
2014-04-17 11:57:20 ----A---- C:\Windows\system32\kdcom.dll
2014-04-17 11:57:18 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2014-04-17 11:57:18 ----A---- C:\Windows\system32\EncDec.dll
2014-04-17 11:57:17 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2014-04-17 11:57:17 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2014-04-17 11:57:17 ----A---- C:\Windows\SYSWOW64\devobj.dll
2014-04-17 11:57:17 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2014-04-17 11:57:17 ----A---- C:\Windows\system32\umpnpmgr.dll
2014-04-17 11:57:16 ----A---- C:\Windows\SYSWOW64\wscript.exe
2014-04-17 11:57:16 ----A---- C:\Windows\SYSWOW64\scrrun.dll
2014-04-17 11:57:16 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2014-04-17 11:57:16 ----A---- C:\Windows\SYSWOW64\cscript.exe
2014-04-17 11:57:16 ----A---- C:\Windows\system32\wscript.exe
2014-04-17 11:57:16 ----A---- C:\Windows\system32\scrrun.dll
2014-04-17 11:57:16 ----A---- C:\Windows\system32\inetcomm.dll
2014-04-17 11:57:16 ----A---- C:\Windows\system32\cscript.exe
2014-04-17 11:57:15 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-04-17 11:57:15 ----A---- C:\Windows\system32\qedit.dll
2014-04-17 11:56:46 ----A---- C:\Windows\system32\drivers\bowser.sys
2014-04-17 11:55:45 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2014-04-17 11:55:45 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-04-17 11:55:45 ----A---- C:\Windows\system32\cdd.dll
2014-04-17 11:55:42 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-04-17 11:55:42 ----A---- C:\Windows\system32\packager.dll
2014-04-17 11:55:41 ----D---- C:\Windows\Panther
2014-04-17 11:55:41 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2014-04-17 11:55:41 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2014-04-17 11:55:41 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2014-04-17 11:55:41 ----A---- C:\Windows\system32\nshwfp.dll
2014-04-17 11:55:41 ----A---- C:\Windows\system32\msvcrt.dll
2014-04-17 11:55:41 ----A---- C:\Windows\system32\IKEEXT.DLL
2014-04-17 11:55:41 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2014-04-17 11:47:50 ----D---- C:\ProgramData\CheckPoint
2014-04-17 11:46:34 ----D---- C:\Users\Cerwis\AppData\Roaming\Avira
2014-04-17 11:45:32 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2014-04-17 11:45:32 ----A---- C:\Windows\system32\drivers\avipbb.sys
2014-04-17 11:45:32 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2014-04-17 11:34:18 ----D---- C:\ProgramData\Avira
2014-04-17 11:34:18 ----D---- C:\Program Files (x86)\Avira
2014-04-17 11:32:51 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-04-17 11:27:21 ----D---- C:\ProgramData\Package Cache
2014-04-17 11:24:51 ----D---- C:\Program Files (x86)\Google
2014-04-17 11:18:15 ----A---- C:\Windows\system32\drivers\EtronXHCI.sys
2014-04-17 11:18:15 ----A---- C:\Windows\system32\drivers\EtronHub3.sys
2014-04-17 11:18:14 ----D---- C:\Program Files (x86)\Etron Technology
2014-04-17 11:17:01 ----A---- C:\Windows\system32\drivers\amd_xata.sys
2014-04-17 11:17:01 ----A---- C:\Windows\system32\drivers\amd_sata.sys
2014-04-17 11:16:09 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2014-04-17 11:16:09 ----A---- C:\Windows\system32\rdpcore.dll
2014-04-17 11:16:09 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2014-04-17 11:12:07 ----A---- C:\Windows\system32\VtSrdAPO.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\VIASysFx.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\VIAPropPageExt.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\ViaMicArrayPropPageExt.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\ViaMicArrayAPO.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\ViakaraokeSrv.exe
2014-04-17 11:12:07 ----A---- C:\Windows\system32\ViaKaraokePropPageExt.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\ViaKaraokeApo.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\nQPropPageExt.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\nQAPO.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\Dts2PropPageExt.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\Dts2APO.dll
2014-04-17 11:12:07 ----A---- C:\Windows\system32\drivers\viahduaa.sys
2014-04-17 11:11:08 ----A---- C:\Windows\system32\wups2.dll
2014-04-17 11:11:08 ----A---- C:\Windows\system32\wucltux.dll
2014-04-17 11:11:08 ----A---- C:\Windows\system32\wuaueng.dll
2014-04-17 11:11:08 ----A---- C:\Windows\system32\wuauclt.exe
2014-04-17 11:11:07 ----A---- C:\Windows\system32\wups.dll
2014-04-17 11:11:07 ----A---- C:\Windows\system32\wudriver.dll
2014-04-17 11:11:07 ----A---- C:\Windows\system32\wuapi.dll
2014-04-17 11:11:06 ----A---- C:\Windows\system32\wuwebv.dll
2014-04-17 11:11:06 ----A---- C:\Windows\system32\wuapp.exe
2014-04-17 11:09:57 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2014-04-17 11:09:56 ----A---- C:\Windows\system32\RTNUninst64.dll
2014-04-17 11:09:56 ----A---- C:\Windows\system32\RtNicProp64.dll
2014-04-17 11:09:52 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-04-17 11:09:52 ----D---- C:\Program Files (x86)\Realtek
2014-04-17 11:09:11 ----N---- C:\Windows\difxapi.dll
2014-04-17 11:09:10 ----D---- C:\Program Files (x86)\VIA
2014-04-17 11:09:01 ----SHD---- C:\Windows\Installer
2014-04-17 11:07:43 ----A---- C:\Windows\GSetup.ini
2014-04-17 11:05:31 ----D---- C:\Users\Cerwis\AppData\Roaming\Identities
2014-04-17 11:05:28 ----SD---- C:\Users\Cerwis\AppData\Roaming\Microsoft
2014-04-17 11:05:28 ----D---- C:\Users\Cerwis\AppData\Roaming\Media Center Programs
2014-04-17 11:05:25 ----SHD---- C:\Recovery
2014-04-17 11:05:25 ----SHD---- C:\ProgramData\Šablony
2014-04-17 11:05:25 ----SHD---- C:\ProgramData\Plocha
2014-04-17 11:05:25 ----SHD---- C:\ProgramData\Oblíbené položky
2014-04-17 11:05:25 ----SHD---- C:\ProgramData\Nabídka Start
2014-04-17 11:05:25 ----SHD---- C:\ProgramData\Dokumenty
2014-04-17 11:05:25 ----SHD---- C:\ProgramData\Data aplikací
2014-04-17 11:05:24 ----D---- C:\Windows\SoftwareDistribution
2014-04-17 10:56:37 ----D---- C:\Windows\Prefetch
2014-04-17 10:56:28 ----SHD---- C:\System Volume Information
2014-04-17 10:56:28 ----ASH---- C:\pagefile.sys
2014-04-17 10:56:28 ----ASH---- C:\hiberfil.sys

======List of files/folders modified in the last 1 months======

2014-05-13 08:31:35 ----D---- C:\Windows\Temp
2014-05-13 08:31:25 ----RD---- C:\Program Files
2014-05-13 08:22:01 ----D---- C:\Windows\system32\config
2014-05-13 08:12:17 ----D---- C:\Windows\System32
2014-05-13 08:12:17 ----D---- C:\Windows\inf
2014-05-13 08:12:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-12 11:22:43 ----D---- C:\Windows\SysWOW64
2014-05-11 08:47:42 ----D---- C:\Windows
2014-05-10 19:46:00 ----RD---- C:\Program Files (x86)
2014-05-09 19:24:24 ----D---- C:\Windows\Logs
2014-05-09 19:24:24 ----D---- C:\Windows\debug
2014-05-09 19:21:41 ----D---- C:\Windows\system32\Tasks
2014-05-08 21:14:20 ----D---- C:\Windows\system32\catroot2
2014-05-04 10:47:40 ----D---- C:\Windows\system32\DriverStore
2014-05-04 10:47:40 ----D---- C:\Windows\system32\catroot
2014-05-04 10:14:00 ----D---- C:\Windows\Microsoft.NET
2014-05-04 09:00:52 ----D---- C:\Windows\system32\drivers
2014-05-03 12:15:31 ----HD---- C:\ProgramData
2014-05-02 03:16:19 ----D---- C:\Windows\winsxs
2014-04-27 19:02:49 ----D---- C:\Windows\system32\LogFiles
2014-04-25 16:07:48 ----D---- C:\Windows\system32\drivers\UMDF
2014-04-21 09:40:15 ----SD---- C:\ProgramData\Microsoft
2014-04-20 16:13:24 ----D---- C:\Windows\rescache
2014-04-19 10:04:50 ----RSD---- C:\Windows\assembly
2014-04-19 10:04:16 ----D---- C:\Program Files (x86)\MSBuild
2014-04-19 10:04:12 ----D---- C:\Windows\ShellNew
2014-04-19 10:04:12 ----D---- C:\Program Files (x86)\Common Files
2014-04-19 10:04:01 ----RSD---- C:\Windows\Fonts
2014-04-19 10:03:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-04-19 10:02:21 ----A---- C:\Windows\win.ini
2014-04-19 07:49:01 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-19 07:49:01 ----D---- C:\Windows\system32\cs-CZ
2014-04-18 10:48:53 ----D---- C:\Windows\SYSWOW64\en-US
2014-04-18 10:48:53 ----D---- C:\Program Files\Internet Explorer
2014-04-18 10:48:52 ----D---- C:\Windows\system32\en-US
2014-04-18 10:48:52 ----D---- C:\Windows\PolicyDefinitions
2014-04-18 10:48:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-18 10:34:20 ----D---- C:\Windows\SYSWOW64\wbem
2014-04-18 10:34:19 ----D---- C:\Windows\system32\wbem
2014-04-18 10:34:19 ----D---- C:\Windows\system32\drivers\en-US
2014-04-18 09:03:05 ----D---- C:\Windows\Help
2014-04-18 03:18:47 ----D---- C:\Windows\SYSWOW64\migration
2014-04-18 03:18:47 ----D---- C:\Windows\system32\migration
2014-04-18 03:00:37 ----D---- C:\Windows\system32\wdi
2014-04-17 13:41:47 ----D---- C:\Program Files\Windows Media Player
2014-04-17 13:41:47 ----D---- C:\Program Files (x86)\Windows Media Player
2014-04-17 13:41:46 ----D---- C:\Program Files\Common Files\System
2014-04-17 13:41:45 ----D---- C:\Windows\ehome
2014-04-17 13:41:45 ----D---- C:\Windows\AppPatch
2014-04-17 13:41:43 ----D---- C:\Windows\system32\drivers\cs-CZ
2014-04-17 13:41:43 ----D---- C:\Program Files\Windows Defender
2014-04-17 13:41:43 ----D---- C:\Program Files (x86)\Windows Defender
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\zh-TW
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\zh-HK
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\zh-CN
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\tr-TR
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\sv-SE
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\ru-RU
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\pt-PT
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\pt-BR
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\pl-PL
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\nl-NL
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\nb-NO
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\ko-KR
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\ja-JP
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\it-IT
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\hu-HU
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\fr-FR
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\fi-FI
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\es-ES
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\el-GR
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\de-DE
2014-04-17 13:41:40 ----D---- C:\Windows\SYSWOW64\da-DK
2014-04-17 13:41:40 ----D---- C:\Windows\system32\zh-TW
2014-04-17 13:41:40 ----D---- C:\Windows\system32\zh-HK
2014-04-17 13:41:40 ----D---- C:\Windows\system32\zh-CN
2014-04-17 13:41:40 ----D---- C:\Windows\system32\tr-TR
2014-04-17 13:41:40 ----D---- C:\Windows\system32\sv-SE
2014-04-17 13:41:40 ----D---- C:\Windows\system32\pt-PT
2014-04-17 13:41:40 ----D---- C:\Windows\system32\pt-BR
2014-04-17 13:41:40 ----D---- C:\Windows\system32\pl-PL
2014-04-17 13:41:40 ----D---- C:\Windows\system32\nl-NL
2014-04-17 13:41:40 ----D---- C:\Windows\system32\ko-KR
2014-04-17 13:41:40 ----D---- C:\Windows\system32\it-IT
2014-04-17 13:41:40 ----D---- C:\Windows\system32\hu-HU
2014-04-17 13:41:40 ----D---- C:\Windows\system32\fr-FR
2014-04-17 13:41:40 ----D---- C:\Windows\system32\fi-FI
2014-04-17 13:41:40 ----D---- C:\Windows\system32\es-ES
2014-04-17 13:41:40 ----D---- C:\Windows\system32\el-GR
2014-04-17 13:41:40 ----D---- C:\Windows\system32\de-DE
2014-04-17 13:41:39 ----D---- C:\Windows\system32\ru-RU
2014-04-17 13:41:39 ----D---- C:\Windows\system32\nb-NO
2014-04-17 13:41:39 ----D---- C:\Windows\system32\ja-JP
2014-04-17 13:41:39 ----D---- C:\Windows\system32\da-DK
2014-04-17 13:41:32 ----D---- C:\Windows\system32\Boot
2014-04-17 13:41:30 ----D---- C:\Program Files\Windows Journal
2014-04-17 11:24:52 ----D---- C:\Windows\Tasks
2014-04-17 11:09:05 ----D---- C:\Windows\system32\restore
2014-04-17 11:08:41 ----D---- C:\Windows\system32\CodeIntegrity
2014-04-17 11:07:31 ----D---- C:\Windows\system32\NDF
2014-04-17 11:05:30 ----SHD---- C:\$Recycle.Bin
2014-04-17 11:05:28 ----RD---- C:\Users
2014-04-17 11:05:25 ----D---- C:\Program Files\Windows NT
2014-04-17 10:57:45 ----D---- C:\Windows\system32\sysprep

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2012-04-11 82560]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2012-04-11 42624]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2014-02-25 131576]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2014-02-25 28600]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2013-10-23 454168]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2014-02-25 108440]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2012-08-07 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2012-08-07 88832]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2012-08-03 2206352]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-04-11 110336]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 206080]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-02-25 440400]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-02-25 440400]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-05-05 124496]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-08-03 27792]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2013-12-16 2445816]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2013-10-15 50704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-04-18 1255736]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-02-25 1017424]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Děkuji za pomoc

#2 Příspěvek od **motji** » 13 kvě 2014 07:54

Zdravím

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

czerwis · #3 Příspěvek od **czerwis** » 13 kvě 2014 10:35

ComboFix 14-05-10.01 - Cerwis 13.05.2014 11:17:43.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8153.6635 [GMT 2:00]
Spuštěný z: c:\users\Cerwis\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cerwis\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-13 do 2014-05-13 )))))))))))))))))))))))))))))))
.
.
2014-05-13 09:20 . 2014-05-13 09:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 06:31 . 2014-05-13 06:32 -------- d-----w- C:\rsit
2014-05-13 06:31 . 2014-05-13 06:32 -------- d-----w- c:\program files\trend micro
2014-05-09 17:21 . 2014-05-09 17:21 -------- d-----w- c:\program files\CCleaner
2014-05-03 10:32 . 2014-05-09 17:22 -------- d-----w- c:\program files (x86)\MyFree Codec
2014-05-03 10:31 . 2014-04-11 08:39 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2014-05-03 10:31 . 2014-04-11 08:39 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-05-03 10:31 . 2014-04-11 08:39 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-05-03 10:31 . 2014-04-11 08:39 110336 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2014-05-03 10:19 . 2014-05-03 10:19 -------- d-----w- c:\program files (x86)\MarkAny
2014-05-03 10:16 . 2014-01-23 16:23 144664 ----a-w- c:\windows\SysWow64\secman.dll
2014-05-03 10:16 . 2014-01-23 16:23 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2014-05-03 10:15 . 2014-05-04 08:23 -------- d-----w- c:\programdata\Samsung
2014-05-03 10:15 . 2014-05-04 08:14 -------- d-----w- c:\program files (x86)\Samsung
2014-05-02 13:43 . 2014-05-02 13:43 -------- d-----w- c:\programdata\Malwarebytes
2014-05-02 13:43 . 2014-05-02 13:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-05-02 13:43 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 11:57 . 2014-05-02 11:57 -------- d-----w- c:\program files (x86)\DtsFilter
2014-05-02 11:55 . 2014-05-02 11:55 -------- d-----w- c:\programdata\GRETECH
2014-05-02 11:54 . 2014-05-02 11:54 -------- d-----w- c:\program files (x86)\GRETECH
2014-05-02 11:32 . 2014-05-02 11:37 -------- d-----w- c:\program files (x86)\VideoLAN
2014-05-02 01:00 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-02 01:00 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 01:00 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-26 06:06 . 2014-04-26 06:09 -------- d-----w- c:\program files (x86)\CheckPoint
2014-04-26 06:01 . 2014-04-26 06:01 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-26 06:01 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-26 06:01 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-19 08:04 . 2014-04-19 08:04 -------- d-----w- c:\program files (x86)\Microsoft Works
2014-04-19 08:03 . 2014-04-19 08:03 -------- d-----w- c:\windows\PCHEALTH
2014-04-19 08:02 . 2014-04-19 08:02 -------- d-----w- c:\program files\Microsoft Office
2014-04-19 08:02 . 2014-04-19 08:02 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-04-19 08:02 . 2014-04-19 08:04 -------- d-----w- c:\programdata\Microsoft Help
2014-04-19 08:02 . 2014-04-19 08:02 -------- d-----r- C:\MSOCache
2014-04-19 07:32 . 2014-05-04 11:39 -------- d-----w- c:\program files\totalcmd
2014-04-19 07:32 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2014-04-19 07:32 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2014-04-19 07:32 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2014-04-19 07:32 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2014-04-19 07:32 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2014-04-19 05:32 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-04-19 05:32 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-04-18 07:07 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2014-04-18 07:05 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-18 07:05 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-04-18 07:05 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-18 07:05 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-18 07:05 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-04-18 07:05 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-18 07:05 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-18 06:37 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-18 06:37 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-04-18 06:37 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-04-18 06:37 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-04-18 04:26 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-04-18 04:26 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-04-18 04:26 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2014-04-18 04:26 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-04-18 04:26 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-04-18 04:26 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-04-18 04:26 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-04-18 04:26 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-04-18 01:03 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-04-18 01:00 . 2014-04-18 01:00 -------- d-----w- c:\windows\SysWow64\Wat
2014-04-18 01:00 . 2014-04-18 01:00 -------- d-----w- c:\windows\system32\Wat
2014-04-17 15:46 . 2014-04-17 15:46 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-04-17 11:38 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-04-17 11:38 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-04-17 11:37 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-04-17 11:37 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-04-17 11:37 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-04-17 11:27 . 2014-04-17 11:27 -------- d-----w- c:\windows\Migration
2014-04-17 11:00 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2014-04-17 10:40 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-04-17 10:31 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-04-17 10:31 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-04-17 10:31 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-04-17 10:31 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-04-17 10:31 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-04-17 10:31 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-04-17 10:31 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-04-17 10:28 . 2014-04-17 10:28 -------- d-----w- c:\windows\system32\MRT
2014-04-17 10:27 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-04-17 10:27 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-04-17 10:27 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-04-17 10:03 . 2013-08-02 02:12 43520 ----a-w- c:\windows\system32\csrsrv.dll
2014-04-17 10:02 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-04-17 10:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2014-04-17 10:00 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2014-04-17 10:00 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2014-04-17 10:00 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2014-04-17 10:00 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2014-04-17 10:00 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2014-04-17 10:00 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2014-04-17 09:58 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2014-04-17 09:57 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-04-17 09:56 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-04-17 09:47 . 2014-04-17 09:47 -------- d-----w- c:\programdata\CheckPoint
2014-04-17 09:45 . 2014-02-25 09:41 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-04-17 09:45 . 2014-02-25 09:41 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-17 09:45 . 2014-02-25 09:41 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-17 09:34 . 2014-05-12 09:22 -------- d-----w- c:\program files (x86)\Avira
2014-04-17 09:34 . 2014-04-17 09:45 -------- d-----w- c:\programdata\Avira
2014-04-17 09:32 . 2014-04-19 08:03 -------- d-----w- c:\program files (x86)\Microsoft.NET
2014-04-17 09:27 . 2014-05-12 09:23 -------- d-----w- c:\programdata\Package Cache
2014-04-17 09:24 . 2014-04-17 09:28 -------- d-----w- c:\program files (x86)\Google
2014-04-17 09:18 . 2012-08-07 07:09 88832 ----a-w- c:\windows\system32\drivers\EtronXHCI.sys
2014-04-17 09:18 . 2012-08-07 07:09 65152 ----a-w- c:\windows\system32\drivers\EtronHub3.sys
2014-04-17 09:18 . 2014-04-17 09:18 -------- d-----w- c:\program files (x86)\Etron Technology
2014-04-17 09:17 . 2012-04-11 01:40 82560 ----a-w- c:\windows\system32\drivers\amd_sata.sys
2014-04-17 09:17 . 2012-04-11 01:40 42624 ----a-w- c:\windows\system32\drivers\amd_xata.sys
2014-04-17 09:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2014-04-17 09:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2014-04-17 09:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-04-17 09:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-17 09:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-17 09:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-04-17 09:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-04-17 09:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-04-17 09:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-04-17 09:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-04-17 09:11 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-17 09:11 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-04-17 09:09 . 2011-08-23 13:57 565352 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-04-17 09:09 . 2011-08-23 13:57 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-18 01:01 . 2014-04-18 01:01 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2014-04-18 01:01 . 2014-04-18 01:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-03-20 21:03 . 2014-03-20 21:03 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-20 21:03 . 2009-07-13 21:59 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-20 21:03 . 2014-03-20 21:03 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-20 21:03 . 2014-03-20 21:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-20 21:02 . 2014-03-20 21:02 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-20 21:02 . 2014-03-20 21:02 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-20 21:02 . 2014-03-20 21:02 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-20 21:02 . 2014-03-20 21:02 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-20 21:02 . 2014-03-20 21:02 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-20 21:02 . 2014-03-20 21:02 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-20 21:02 . 2014-03-20 21:02 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-20 21:02 . 2014-03-20 21:02 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-20 21:02 . 2009-06-10 20:37 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-20 21:02 . 2014-03-20 21:02 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-20 21:02 . 2014-03-20 21:02 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-20 21:02 . 2014-03-20 21:02 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-20 21:02 . 2014-03-20 21:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 09:17 . 2014-04-17 09:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-12-16 73832]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-05-05 182352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-27 16:39 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17 09:24]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17 09:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-03-20 1797064]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Celkový čas: 2014-05-13 11:24:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-13 09:24
.
Před spuštěním: Volných bajtů: 80 815 566 848
Po spuštění: Volných bajtů: 80 407 859 200
.
- - End Of File - - 83B033C97930E3FB460A01D4F9185D64
A36C5E4F47E84449FF07ED3517B43A31

#4 Příspěvek od **motji** » 13 kvě 2014 12:56

Nic nevidím

, na jakou adresu se to připojuje?

czerwis · #5 Příspěvek od **czerwis** » 13 kvě 2014 17:35

ZoneAlarm mi několikrát denně hlásí, že se rundll32.exe znaží připojit na 23.62.237.89

#6 Příspěvek od **motji** » 13 kvě 2014 18:51

Dělá to akamai, ale nemůžu přijít na to, kde je

. Poprosím ještě o druhý log z toho prvního programu.

czerwis · #7 Příspěvek od **czerwis** » 13 kvě 2014 21:30

info.txt logfile of random's system information tool 1.08 2014-05-13 08:32:10

======Uninstall list======

Aktualizace NVIDIA 10.4.0-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{682F1BCC-2D25-4D2E-A4DC-A99F1C933C82}\NVI2.DLL",UninstallPackage Display.Update
Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Avira-->"C:\ProgramData\Package Cache\{70a79d1f-686d-4d5c-962b-07aa1294eae0}\Avira.OE.Setup.Bundle.En-us.exe" /uninstall
Avira-->MsiExec.exe /I{5C16076B-DB38-4E0E-9F36-9276010E4F51}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DTS+AC3 ÇĘĹÍ-->"C:\Program Files (x86)\DtsFilter\uninstall.exe"
Etron USB3.0 Host Controller-->"C:\Program Files (x86)\InstallShield Installation Information\{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}\setup.exe" -runfromtemp -l0x0409 -removeonly
Etron USB3.0 Host Controller-->MsiExec.exe /I{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Malwarebytes Anti-Malware verze 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4.5.1 (CSY)-->MsiExec.exe /X{50813B8C-FCBB-3C61-8039-EAAA93029066}
Microsoft .NET Framework 4.5.1 (čeština)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\CSY\\Setup.exe /repair /x86 /x64 /lcid 1029
Microsoft .NET Framework 4.5.1-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Czech) 2007-->MsiExec.exe /X{90120000-002A-0405-1000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729-->MsiExec.exe /X{14297226-E0A0-3781-8911-E9D529552663}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
NVIDIA Ovladač 3D Vision 335.23-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{682F1BCC-2D25-4D2E-A4DC-A99F1C933C82}\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Ovladače grafiky 335.23-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{682F1BCC-2D25-4D2E-A4DC-A99F1C933C82}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.Exe -runfromtemp -removeonly
Samsung Kies3-->"C:\Program Files (x86)\InstallShield Installation Information\{88547073-C566-4895-9005-EBE98EA3F7C7}\setup.exe" -runfromtemp -l0x0409 -removeonly
Samsung Kies3-->MsiExec.exe /I{88547073-C566-4895-9005-EBE98EA3F7C7}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
VIA Platforma Ovladače zařízení-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
ZoneAlarm Firewall-->MsiExec.exe /I{39E72FE7-C0B5-45AE-B259-8F5DEEA595C9}
ZoneAlarm Free Firewall-->"C:\Program Files (x86)\CheckPoint\Install\Install.exe" /s uninstall
ZoneAlarm Security-->MsiExec.exe /I{413A683A-88AA-4270-9270-69DF005DE472}

======System event log======

Computer Name: Cerwis-PC
Event Code: 7036
Message: Stav služby Hostitel diagnostického systému byl změněn na: Zastaveno
Record Number: 7683
Source Name: Service Control Manager
Time Written: 20140509172730.604583-000
Event Type: Informace
User:

Computer Name: Cerwis-PC
Event Code: 7036
Message: Stav služby Stínová kopie svazku byl změněn na: Zastaveno
Record Number: 7682
Source Name: Service Control Manager
Time Written: 20140509172615.038052-000
Event Type: Informace
User:

Computer Name: Cerwis-PC
Event Code: 7036
Message: Stav služby MBAMService byl změněn na: Spuštěno
Record Number: 7681
Source Name: Service Control Manager
Time Written: 20140509172505.961131-000
Event Type: Informace
User:

Computer Name: Cerwis-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Windows PowerShell.
Record Number: 7680
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140509172425.260660-000
Event Type: Informace
User: Cerwis-PC\Cerwis

Computer Name: Cerwis-PC
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 7679
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140509172425.260660-000
Event Type: Informace
User: Cerwis-PC\Cerwis

=====Application event log=====

Computer Name: Cerwis-PC
Event Code: 0
Message:
Record Number: 1863
Source Name: gupdate
Time Written: 20140509233859.000000-000
Event Type: Informace
User:

Computer Name: Cerwis-PC
Event Code: 8224
Message: Služba VSS bude ukončena z důvodu vypršení časového limitu nečinnosti.
Record Number: 1862
Source Name: VSS
Time Written: 20140509220301.000000-000
Event Type: Informace
User:

Computer Name: Cerwis-PC
Event Code: 1001
Message: Chybný blok 57714519, typ 21
Název události: PDUWICA
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: 3
P2: 2
P3: 6.1.1.0
P4: 1029
P5: 59
P6:
P7:
P8:
P9:
P10:

Připojené soubory:

Tyto soubory mohou být k dispozici zde:

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 909758c1-d7c0-11e3-b6e5-94de8075042c
Stav hlášení: 0
Record Number: 1861
Source Name: Windows Error Reporting
Time Written: 20140509212649.000000-000
Event Type: Informace
User:

Computer Name: Cerwis-PC
Event Code: 0
Message:
Record Number: 1860
Source Name: gupdate
Time Written: 20140509183840.000000-000
Event Type: Informace
User:

Computer Name: Cerwis-PC
Event Code: 8224
Message: Služba VSS bude ukončena z důvodu vypršení časového limitu nečinnosti.
Record Number: 1859
Source Name: VSS
Time Written: 20140509172614.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Cerwis-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4033
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140509220000.674447-000
Event Type: Úspěšný audit
User:

Computer Name: Cerwis-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CERWIS-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x224
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4032
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140509220000.674447-000
Event Type: Úspěšný audit
User:

Computer Name: Cerwis-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4031
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140509220000.502847-000
Event Type: Úspěšný audit
User:

Computer Name: Cerwis-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: CERWIS-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x224
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4030
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140509220000.502847-000
Event Type: Úspěšný audit
User:

Computer Name: Cerwis-PC
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-260688929-2024938292-1615958577-1000
Název účtu: Cerwis
Název domény: Cerwis-PC
ID přihlášení: 0x17499
Record Number: 4029
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140509172425.260660-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=6
"PROCESSOR_LEVEL"=21
"PROCESSOR_IDENTIFIER"=AMD64 Family 21 Model 2 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0200
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3

-----------------EOF-----------------

#8 Příspěvek od **motji** » 14 kvě 2014 10:45

Akamai nevidím. Musím nad tím popřemýšlet. Zkuste vysledovat, jeslti se nepřipojuje, když je spuštěný určitý program, tipla bych hra nebo něco podobného.

czerwis · #9 Příspěvek od **czerwis** » 14 kvě 2014 18:51

Po výměně HDD na SSD mám asi 14 dní novou instal. sedmiček + pár základních prg...žádné hry, žádné neoficial. instalačky... připojuje se to naprosto náhodně

#10 Příspěvek od **motji** » 15 kvě 2014 05:36

A v ZA to necháte blokovat?

czerwis · #11 Příspěvek od **czerwis** » 15 kvě 2014 07:50

Pokaždé tlačítko "Deny"...nicméně v seznamu prg v ZA jsem Akamai nenašel, abych ho zablokoval natrvalo

#12 Příspěvek od **motji** » 15 kvě 2014 14:18

Ted nejsem u svého pc, ale pak zkusíme ještě jeden prográmek.
a V ZA asi nevidíte co se tam připojuje, že?

czerwis · #13 Příspěvek od **czerwis** » 15 kvě 2014 16:51

nee, jenom to dll...
o.k.
při nejhorším reinstal

#14 Příspěvek od **motji** » 15 kvě 2014 19:42

a jaké dll to je?

#15 Příspěvek od **motji** » 16 kvě 2014 17:14

Zkuste tento program na sledování který program se snaží připojit, teda asi spíš soubor

http://www.stahuj.centrum.cz/internet_a ... e/tcpview/

VIRY.CZ

Připojování PC k neznámé adrese

Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese

Re: Připojování PC k neznámé adrese