Zpomalený internet

Zpráva

bulljoker · #1 Příspěvek od **bulljoker** » 14 srp 2014 11:52

Zdravím,
poslední asi dva týdny mám zpomalený internet,normálně jsem měl download tak 6-10mbit ale najednou to spadlo na 1,5mbit.. neschopní lidi z internethome mi řeknou že nevijou co stím je a tím to pro ně hasne,nedávno mi měnili anténu protože mi internet vypadával a teď tohle.. nevím jestli mám něco v pc nebo je to třeba modemem, každopádně bych poprosil o prozkoumání logu
jinak aktializaci síťovky,restart modemu a tak podobně jsem zkoušel ofc
tohle dělám prvně tak doufám že nic nechybí

Logfile of random's system information tool 1.10 (written by random/random)
Run by Fida at 2014-08-14 12:45:22
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 43 GB (14%) free of 305 GB
Total RAM: 8071 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:45:29, on 14.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Fida.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [BitTorrent Sync] "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10049 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe"
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe" KMPProcess
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 30797c46-6c6d-4a4b-966b-9a0c53e101e8 0
\??\C:\Windows\system32\conhost.exe "-1835201416-959403321364579927-587797597195598936-828373961-1270420240-348067981
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "653952199-1973573897-14613264741634831660-679868259-1534126179-1436734930973444703
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="528.0.126311634\1919397358" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16,43 --gpu-vendor-id=0x10de --gpu-device-id=0x0fc6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3788 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.2.733588698\1803818845" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.5.1620697717\796376484" /prefetch:673131151
"C:\Program Files (x86)\Steam\Steam.exe"
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\system32\AUDIODG.EXE 0x5c8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.116.1119023129\1822628249" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="528.117.1101968868\189815987" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe" /InstallOrRun "ESO_Beta"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.130.557090930\564689716" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.134.1944643773\1048253131" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.136.131080317\978600386" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.137.1702633737\192970334" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.139.895215671\675052733" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="528.140.1344470923\869575379" /prefetch:673131151
taskeng.exe {3E50D694-1AA0-4020-8931-41E085604848}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe19_ Global\UsGthrCtrlFltPipeMssGthrPipe19 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"c:\program files\windows defender\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey D72B8CF6-1350-8152-D0C9-DE5EF5FC624B -Reinvoke
"C:\Users\Fida\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016ACB69-F547-0DF5-63B6-653F9FD5B031}]
YoutubeAdblocker - C:\Program Files (x86)\YoutubeAdblocker\Yw.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-03-22 165872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-03-22 407536]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-03-22 441840]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-02-26 13423688]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-01-31 36352]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"BitTorrent"=C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-04-28 1240664]
"BitTorrent Sync"=C:\Program Files (x86)\BitTorrent Sync\BTSync.exe /MINIMIZED []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-04-28 1240664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Origin\Origin.exe [2014-08-13 3600728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]
C:\Program Files (x86)\Overwolf\Overwolf.exe [2013-10-23 35256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidCall]
C:\Program Files (x86)\RaidCall\raidcall.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24 21650016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2014-07-16 1753280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Fida\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Fida^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
C:\Users\Fida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-03-12 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-03-06 291128]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-03-19 434176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-08-14 12:45:22 ----D---- C:\rsit
2014-08-14 12:45:22 ----D---- C:\Program Files\trend micro
2014-08-14 03:01:06 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-14 03:01:06 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-14 03:01:04 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-14 03:01:04 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-14 03:01:04 ----A---- C:\Windows\system32\icardres.dll
2014-08-14 03:01:04 ----A---- C:\Windows\system32\icardagt.exe
2014-08-14 03:00:54 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-14 03:00:54 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-13 10:02:43 ----A---- C:\Windows\system32\aepdu.dll
2014-08-13 10:02:42 ----A---- C:\Windows\system32\aeinv.dll
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-08-13 09:58:22 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-13 09:58:22 ----A---- C:\Windows\system32\tzres.dll
2014-08-13 09:57:56 ----A---- C:\Windows\system32\msi.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-13 09:57:55 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 09:57:55 ----A---- C:\Windows\system32\consent.exe
2014-08-13 09:57:55 ----A---- C:\Windows\system32\authui.dll
2014-08-13 09:57:25 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 09:56:58 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-13 09:56:58 ----A---- C:\Windows\system32\win32k.sys
2014-08-13 09:56:58 ----A---- C:\Windows\system32\gdi32.dll
2014-08-13 09:56:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-13 09:56:30 ----A---- C:\Windows\system32\shell32.dll
2014-08-13 09:56:02 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-13 09:56:01 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-09 02:00:14 ----D---- C:\Users\Fida\AppData\Roaming\.mono
2014-08-01 09:58:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-01 09:58:36 ----A---- C:\Windows\system32\vbscript.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wups2.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wucltux.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wups.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wudriver.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wuapi.dll
2014-08-01 09:52:20 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-01 09:52:20 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-01 09:52:20 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-01 09:52:20 ----A---- C:\Windows\system32\wuapp.exe
2014-07-22 16:55:41 ----A---- C:\Windows\SYSWOW64\pbsvc_bc2.exe

======List of files/folders modified in the last 1 month======

2014-08-14 12:45:29 ----D---- C:\Windows\Prefetch
2014-08-14 12:45:27 ----D---- C:\Windows\Temp
2014-08-14 12:45:22 ----RD---- C:\Program Files
2014-08-14 10:13:55 ----D---- C:\Program Files (x86)\Steam
2014-08-14 07:40:20 ----D---- C:\Users\Fida\AppData\Roaming\BitTorrent
2014-08-14 04:17:59 ----SHD---- C:\System Volume Information
2014-08-14 04:13:41 ----D---- C:\Windows\system32\config
2014-08-14 04:01:58 ----D---- C:\Windows\rescache
2014-08-14 03:35:21 ----D---- C:\Windows\Microsoft.NET
2014-08-14 03:34:51 ----RSD---- C:\Windows\assembly
2014-08-14 03:25:31 ----D---- C:\Windows\winsxs
2014-08-14 03:24:51 ----D---- C:\ProgramData\NVIDIA
2014-08-14 03:23:02 ----D---- C:\Windows\ehome
2014-08-14 03:23:01 ----RSD---- C:\Windows\Fonts
2014-08-14 03:23:01 ----D---- C:\Windows\SysWOW64
2014-08-14 03:23:01 ----D---- C:\Windows\System32
2014-08-14 03:23:00 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-14 03:23:00 ----D---- C:\Windows\system32\cs-CZ
2014-08-14 03:22:59 ----D---- C:\Windows\system32\drivers
2014-08-14 03:20:28 ----D---- C:\Users\Fida\AppData\Roaming\Skype
2014-08-14 03:06:43 ----D---- C:\Windows\system32\catroot2
2014-08-14 03:06:42 ----D---- C:\Windows\system32\catroot
2014-08-14 03:00:36 ----SD---- C:\Windows\system32\CompatTel
2014-08-13 16:50:31 ----SHD---- C:\Windows\Installer
2014-08-13 16:50:31 ----D---- C:\ProgramData\Skype
2014-08-13 16:50:30 ----D---- C:\Program Files (x86)\Common Files
2014-08-13 13:31:13 ----D---- C:\Users\Fida\AppData\Roaming\Awesomium
2014-08-13 13:24:34 ----D---- C:\Users\Fida\AppData\Roaming\TS3Client
2014-08-13 13:04:38 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-08-13 12:36:44 ----D---- C:\ProgramData\Origin
2014-08-13 12:01:00 ----A---- C:\Windows\system32\PnkBstrA.exe
2014-08-13 11:54:02 ----D---- C:\Program Files (x86)\Origin
2014-08-12 18:04:28 ----D---- C:\Program Files\TeamSpeak 3 Client
2014-08-12 12:01:21 ----D---- C:\Windows\system32\Tasks
2014-08-12 12:01:21 ----D---- C:\Program Files (x86)\Opera
2014-08-10 21:27:29 ----D---- C:\Program Files (x86)\Battle.net
2014-08-10 16:47:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-10 16:47:16 ----D---- C:\Windows\inf
2014-08-09 14:18:01 ----SD---- C:\Users\Fida\AppData\Roaming\Microsoft
2014-08-08 02:54:48 ----D---- C:\Windows\Logs
2014-08-08 02:54:29 ----D---- C:\Windows
2014-08-08 02:31:50 ----D---- C:\Users\Fida\AppData\Roaming\DAEMON Tools Lite
2014-08-08 02:31:40 ----D---- C:\Windows\Panther
2014-08-05 16:22:42 ----D---- C:\Instalačky etc
2014-08-03 22:25:49 ----D---- C:\Program Files (x86)\World of Warcraft
2014-08-01 09:54:26 ----HD---- C:\Windows\system32\GroupPolicyUsers
2014-07-31 17:31:14 ----D---- C:\Program Files\Internet Explorer
2014-07-31 17:31:14 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-31 11:19:56 ----D---- C:\Windows\SYSWOW64\migration
2014-07-31 11:19:56 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-31 11:19:56 ----D---- C:\Windows\system32\migration
2014-07-31 11:19:56 ----D---- C:\Windows\system32\en-US
2014-07-31 11:19:56 ----D---- C:\Windows\PolicyDefinitions
2014-07-30 17:25:58 ----D---- C:\Users\Fida\AppData\Roaming\BSplayer
2014-07-27 01:27:14 ----SHD---- C:\$Recycle.Bin
2014-07-27 01:27:09 ----RD---- C:\Users
2014-07-27 01:23:48 ----HD---- C:\Windows\system32\GroupPolicy
2014-07-25 23:06:38 ----D---- C:\Program Files (x86)\Origin Games
2014-07-25 15:50:29 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2014-07-25 15:50:29 ----A---- C:\Windows\SYSWOW64\nvspbridge.dll
2014-07-25 15:50:11 ----A---- C:\Windows\system32\nvspcap64.dll
2014-07-25 15:50:11 ----A---- C:\Windows\system32\nvspbridge64.dll
2014-07-22 22:34:19 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2014-07-17 21:36:28 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-01-31 652784]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-01-31 28656]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-12-21 20616]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-02-19 21584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-21 283064]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2011-06-15 32544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-03-19 4534784]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-02-26 3333576]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-03-19 442368]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-12-21 366216]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-12-21 786056]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-08-14 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-03-12 64624]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-05-06 21584]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20); C:\Windows\system32\DRIVERS\RtTeam620.sys [2012-07-03 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVlan620.sys [2012-09-01 32400]
S3 tapSF0901;Spotflux Virtual Network Device Driver; C:\Windows\system32\DRIVERS\tapSF0901.sys [2014-01-20 39104]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-01-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-02-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-03-12 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-03-12 366552]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2014-08-13 76152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 413128]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-07-16 542912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-06-30 345984]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-03-22 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08 116648]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-02-13 820184]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-10-23 18360]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-11 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 14 srp 2014 17:08

Zdravím!
Spusťte nejprve tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

bulljoker · #3 Příspěvek od **bulljoker** » 14 srp 2014 18:25

# AdwCleaner v3.305 - Report created 14/08/2014 at 19:21:47
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Fida - FIDA-PC
# Running from : C:\Users\Fida\Desktop\adwcleaner_3.305.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Fida\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
File Deleted : C:\Windows\System32\GroupPolicy\User\Registry.pol
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Fida\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EBBK%5EOSJ0 ... earchTerms}
Deleted [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [2056 octets] - [14/08/2014 19:17:46]
AdwCleaner[R1].txt - [2116 octets] - [14/08/2014 19:18:58]
AdwCleaner[R2].txt - [1886 octets] - [14/08/2014 19:20:21]
AdwCleaner[R3].txt - [2234 octets] - [14/08/2014 19:20:44]
AdwCleaner[S0].txt - [2076 octets] - [14/08/2014 19:21:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2136 octets] ##########

#4 Příspěvek od **Rudy** » 14 srp 2014 18:49

Dejte nový log RSIT.

bulljoker · #5 Příspěvek od **bulljoker** » 14 srp 2014 19:26

Logfile of random's system information tool 1.10 (written by random/random)
Run by Fida at 2014-08-14 20:26:15
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 42 GB (14%) free of 305 GB
Total RAM: 8071 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:26:18, on 14.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\Fida.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [BitTorrent Sync] "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9203 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2c8
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe"
C:\Windows\system32\PnkBstrA.exe
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 30797c46-6c6d-4a4b-966b-9a0c53e101e8 0
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "853140042775834411228504494-1544501659-15557263111687957121-1706715175-34681967
\??\C:\Windows\system32\conhost.exe "1752813563-1813797739-15510321541511038284835841490-62447015214932184601661879072
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe" KMPProcess
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Fida\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016ACB69-F547-0DF5-63B6-653F9FD5B031}]
YoutubeAdblocker - C:\Program Files (x86)\YoutubeAdblocker\Yw.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-03-22 165872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-03-22 407536]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-03-22 441840]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-02-26 13423688]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-01-31 36352]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"BitTorrent"=C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-04-28 1240664]
"BitTorrent Sync"=C:\Program Files (x86)\BitTorrent Sync\BTSync.exe /MINIMIZED []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-04-28 1240664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Origin\Origin.exe [2014-08-13 3600728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]
C:\Program Files (x86)\Overwolf\Overwolf.exe [2013-10-23 35256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidCall]
C:\Program Files (x86)\RaidCall\raidcall.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24 21650016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2014-07-16 1753280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Fida\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Fida^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
C:\Users\Fida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-03-12 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-03-06 291128]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-03-19 434176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-08-14 19:18:11 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-08-14 19:17:44 ----D---- C:\AdwCleaner
2014-08-14 12:45:22 ----D---- C:\rsit
2014-08-14 12:45:22 ----D---- C:\Program Files\trend micro
2014-08-14 03:01:06 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-14 03:01:06 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-14 03:01:04 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-14 03:01:04 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-14 03:01:04 ----A---- C:\Windows\system32\icardres.dll
2014-08-14 03:01:04 ----A---- C:\Windows\system32\icardagt.exe
2014-08-14 03:00:54 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-14 03:00:54 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-13 10:02:43 ----A---- C:\Windows\system32\aepdu.dll
2014-08-13 10:02:42 ----A---- C:\Windows\system32\aeinv.dll
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-08-13 09:58:22 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-13 09:58:22 ----A---- C:\Windows\system32\tzres.dll
2014-08-13 09:57:56 ----A---- C:\Windows\system32\msi.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-13 09:57:55 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 09:57:55 ----A---- C:\Windows\system32\consent.exe
2014-08-13 09:57:55 ----A---- C:\Windows\system32\authui.dll
2014-08-13 09:57:25 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 09:56:58 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-13 09:56:58 ----A---- C:\Windows\system32\win32k.sys
2014-08-13 09:56:58 ----A---- C:\Windows\system32\gdi32.dll
2014-08-13 09:56:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-13 09:56:30 ----A---- C:\Windows\system32\shell32.dll
2014-08-13 09:56:02 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-13 09:56:01 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-09 02:00:14 ----D---- C:\Users\Fida\AppData\Roaming\.mono
2014-08-01 09:58:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-01 09:58:36 ----A---- C:\Windows\system32\vbscript.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wups2.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wucltux.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wups.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wudriver.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wuapi.dll
2014-08-01 09:52:20 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-01 09:52:20 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-01 09:52:20 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-01 09:52:20 ----A---- C:\Windows\system32\wuapp.exe
2014-07-22 16:55:41 ----A---- C:\Windows\SYSWOW64\pbsvc_bc2.exe

======List of files/folders modified in the last 1 month======

2014-08-14 20:26:18 ----D---- C:\Windows\Temp
2014-08-14 20:26:09 ----D---- C:\Program Files (x86)\Steam
2014-08-14 19:37:17 ----D---- C:\Windows\Prefetch
2014-08-14 19:37:11 ----D---- C:\Program Files (x86)\Battle.net
2014-08-14 19:36:33 ----D---- C:\Windows\system32\config
2014-08-14 19:25:03 ----D---- C:\Users\Fida\AppData\Roaming\BitTorrent
2014-08-14 19:22:54 ----D---- C:\ProgramData\NVIDIA
2014-08-14 19:22:45 ----D---- C:\Windows
2014-08-14 19:21:48 ----D---- C:\Windows\System32
2014-08-14 19:21:47 ----HD---- C:\ProgramData
2014-08-14 19:18:11 ----D---- C:\Windows\SysWOW64
2014-08-14 14:47:47 ----D---- C:\Users\Fida\AppData\Roaming\TS3Client
2014-08-14 12:56:26 ----D---- C:\Users\Fida\AppData\Roaming\Awesomium
2014-08-14 12:45:22 ----RD---- C:\Program Files
2014-08-14 04:17:59 ----SHD---- C:\System Volume Information
2014-08-14 04:01:58 ----D---- C:\Windows\rescache
2014-08-14 03:35:21 ----D---- C:\Windows\Microsoft.NET
2014-08-14 03:34:51 ----RSD---- C:\Windows\assembly
2014-08-14 03:25:31 ----D---- C:\Windows\winsxs
2014-08-14 03:23:02 ----D---- C:\Windows\ehome
2014-08-14 03:23:01 ----RSD---- C:\Windows\Fonts
2014-08-14 03:23:00 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-14 03:23:00 ----D---- C:\Windows\system32\cs-CZ
2014-08-14 03:22:59 ----D---- C:\Windows\system32\drivers
2014-08-14 03:20:28 ----D---- C:\Users\Fida\AppData\Roaming\Skype
2014-08-14 03:06:43 ----D---- C:\Windows\system32\catroot2
2014-08-14 03:06:42 ----D---- C:\Windows\system32\catroot
2014-08-14 03:00:36 ----SD---- C:\Windows\system32\CompatTel
2014-08-13 16:50:31 ----SHD---- C:\Windows\Installer
2014-08-13 16:50:31 ----D---- C:\ProgramData\Skype
2014-08-13 16:50:30 ----D---- C:\Program Files (x86)\Common Files
2014-08-13 13:04:38 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-08-13 12:36:44 ----D---- C:\ProgramData\Origin
2014-08-13 12:01:00 ----A---- C:\Windows\system32\PnkBstrA.exe
2014-08-13 11:54:02 ----D---- C:\Program Files (x86)\Origin
2014-08-12 18:04:28 ----D---- C:\Program Files\TeamSpeak 3 Client
2014-08-12 12:01:21 ----D---- C:\Windows\system32\Tasks
2014-08-12 12:01:21 ----D---- C:\Program Files (x86)\Opera
2014-08-10 16:47:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-10 16:47:16 ----D---- C:\Windows\inf
2014-08-09 14:18:01 ----SD---- C:\Users\Fida\AppData\Roaming\Microsoft
2014-08-08 02:54:48 ----D---- C:\Windows\Logs
2014-08-08 02:31:50 ----D---- C:\Users\Fida\AppData\Roaming\DAEMON Tools Lite
2014-08-08 02:31:40 ----D---- C:\Windows\Panther
2014-08-05 16:22:42 ----D---- C:\Instalačky etc
2014-08-03 22:25:49 ----D---- C:\Program Files (x86)\World of Warcraft
2014-08-01 09:54:26 ----HD---- C:\Windows\system32\GroupPolicyUsers
2014-07-31 17:31:14 ----D---- C:\Program Files\Internet Explorer
2014-07-31 17:31:14 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-31 11:19:56 ----D---- C:\Windows\SYSWOW64\migration
2014-07-31 11:19:56 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-31 11:19:56 ----D---- C:\Windows\system32\migration
2014-07-31 11:19:56 ----D---- C:\Windows\system32\en-US
2014-07-31 11:19:56 ----D---- C:\Windows\PolicyDefinitions
2014-07-30 17:25:58 ----D---- C:\Users\Fida\AppData\Roaming\BSplayer
2014-07-27 01:27:14 ----SHD---- C:\$Recycle.Bin
2014-07-27 01:27:09 ----RD---- C:\Users
2014-07-27 01:23:48 ----HD---- C:\Windows\system32\GroupPolicy
2014-07-25 23:06:38 ----D---- C:\Program Files (x86)\Origin Games
2014-07-25 15:50:29 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2014-07-25 15:50:29 ----A---- C:\Windows\SYSWOW64\nvspbridge.dll
2014-07-25 15:50:11 ----A---- C:\Windows\system32\nvspcap64.dll
2014-07-25 15:50:11 ----A---- C:\Windows\system32\nvspbridge64.dll
2014-07-22 22:34:19 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2014-07-17 21:36:28 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-01-31 652784]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-01-31 28656]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-12-21 20616]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-02-19 21584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-21 283064]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2011-06-15 32544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-03-19 4534784]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-02-26 3333576]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-03-19 442368]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-12-21 366216]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-12-21 786056]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-08-14 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-03-12 64624]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-05-06 21584]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20); C:\Windows\system32\DRIVERS\RtTeam620.sys [2012-07-03 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVlan620.sys [2012-09-01 32400]
S3 tapSF0901;Spotflux Virtual Network Device Driver; C:\Windows\system32\DRIVERS\tapSF0901.sys [2014-01-20 39104]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-01-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-02-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-03-12 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-03-12 366552]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2014-08-13 76152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 413128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-06-30 345984]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-03-22 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08 116648]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-02-13 820184]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-10-23 18360]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-07-16 542912]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-11 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#6 Příspěvek od **Rudy** » 14 srp 2014 20:33

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

bulljoker · #7 Příspěvek od **bulljoker** » 14 srp 2014 21:05

Logfile of random's system information tool 1.10 (written by random/random)
Run by Fida at 2014-08-14 22:04:38
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 43 GB (14%) free of 305 GB
Total RAM: 8071 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:04:43, on 14.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Fida.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [BitTorrent Sync] "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf Ltd - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9722 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2e0
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
taskeng.exe {9824785A-EB16-4BBE-ACF0-5A47FB864F2F}
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe"
C:\Windows\system32\PnkBstrA.exe
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 30797c46-6c6d-4a4b-966b-9a0c53e101e8 0
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-730690474-5975674841522347073-113131050878407004-52298010214270880141499330746
\??\C:\Windows\system32\conhost.exe "-1560118384-12416945991790241529-164751220210531697891721177151-489412128491178936
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe" KMPProcess
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\08142014_220018.log
"C:\Windows\System32\igfxpers.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
"C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4696.0.1456084212\961156665" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16,43 --gpu-vendor-id=0x10de --gpu-device-id=0x0fc6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3788 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4696.2.315820493\1103124610" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4696.5.1360098947\107911389" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4696.6.1172139103\1103085684" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group14 pct:1e stable:r1 prefetch_results:1 reuse_instant_search_base_page:1 espv:213 query_extraction:1 display_search_button:2/ExtensionInstallVerification/Enforce/GoogleNow/Enable/GwsPrerenderNavSuggest/Default/OmniboxBundledExperimentV1/StandardR4/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_90/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --channel="4696.7.950260690\700481934" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Fida\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016ACB69-F547-0DF5-63B6-653F9FD5B031}]
YoutubeAdblocker - C:\Program Files (x86)\YoutubeAdblocker\Yw.x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-03-22 165872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-03-22 407536]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-03-22 441840]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-02-26 13423688]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-01-31 36352]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"BitTorrent"=C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-04-28 1240664]
"BitTorrent Sync"=C:\Program Files (x86)\BitTorrent Sync\BTSync.exe /MINIMIZED []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-04-28 1240664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Origin\Origin.exe [2014-08-13 3600728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru]
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf]
C:\Program Files (x86)\Overwolf\Overwolf.exe [2013-10-23 35256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidCall]
C:\Program Files (x86)\RaidCall\raidcall.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll [2014-07-25 1283136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24 21650016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2014-08-14 1937600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Fida\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Fida^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
C:\Users\Fida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-03-12 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-03-06 291128]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-03-19 434176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-08-14 22:00:18 ----D---- C:\_OTM
2014-08-14 19:18:11 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-08-14 19:17:44 ----D---- C:\AdwCleaner
2014-08-14 12:45:22 ----D---- C:\rsit
2014-08-14 12:45:22 ----D---- C:\Program Files\trend micro
2014-08-14 03:01:06 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-14 03:01:06 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-14 03:01:04 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-14 03:01:04 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-14 03:01:04 ----A---- C:\Windows\system32\icardres.dll
2014-08-14 03:01:04 ----A---- C:\Windows\system32\icardagt.exe
2014-08-14 03:00:54 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-14 03:00:54 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-13 10:02:43 ----A---- C:\Windows\system32\aepdu.dll
2014-08-13 10:02:42 ----A---- C:\Windows\system32\aeinv.dll
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-13 10:01:47 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-08-13 09:58:22 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-13 09:58:22 ----A---- C:\Windows\system32\tzres.dll
2014-08-13 09:57:56 ----A---- C:\Windows\system32\msi.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-13 09:57:55 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-13 09:57:55 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 09:57:55 ----A---- C:\Windows\system32\consent.exe
2014-08-13 09:57:55 ----A---- C:\Windows\system32\authui.dll
2014-08-13 09:57:25 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 09:56:58 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-13 09:56:58 ----A---- C:\Windows\system32\win32k.sys
2014-08-13 09:56:58 ----A---- C:\Windows\system32\gdi32.dll
2014-08-13 09:56:30 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-13 09:56:30 ----A---- C:\Windows\system32\shell32.dll
2014-08-13 09:56:02 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-13 09:56:01 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-09 02:00:14 ----D---- C:\Users\Fida\AppData\Roaming\.mono
2014-08-01 09:58:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-01 09:58:36 ----A---- C:\Windows\system32\vbscript.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wups2.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wucltux.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wuaueng.dll
2014-08-01 09:52:39 ----A---- C:\Windows\system32\wuauclt.exe
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-08-01 09:52:32 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wups.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wudriver.dll
2014-08-01 09:52:32 ----A---- C:\Windows\system32\wuapi.dll
2014-08-01 09:52:20 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-08-01 09:52:20 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-08-01 09:52:20 ----A---- C:\Windows\system32\wuwebv.dll
2014-08-01 09:52:20 ----A---- C:\Windows\system32\wuapp.exe
2014-07-22 16:55:41 ----A---- C:\Windows\SYSWOW64\pbsvc_bc2.exe

======List of files/folders modified in the last 1 month======

2014-08-14 22:04:41 ----D---- C:\Users\Fida\AppData\Roaming\BitTorrent
2014-08-14 22:03:55 ----D---- C:\Windows\Prefetch
2014-08-14 22:03:39 ----D---- C:\Windows\Temp
2014-08-14 22:02:57 ----D---- C:\ProgramData\NVIDIA
2014-08-14 22:00:47 ----D---- C:\Windows
2014-08-14 22:00:18 ----D---- C:\Windows\Tasks
2014-08-14 21:59:51 ----D---- C:\Program Files (x86)\Steam
2014-08-14 19:37:11 ----D---- C:\Program Files (x86)\Battle.net
2014-08-14 19:36:33 ----D---- C:\Windows\system32\config
2014-08-14 19:21:48 ----D---- C:\Windows\System32
2014-08-14 19:21:47 ----HD---- C:\ProgramData
2014-08-14 19:18:11 ----D---- C:\Windows\SysWOW64
2014-08-14 14:47:47 ----D---- C:\Users\Fida\AppData\Roaming\TS3Client
2014-08-14 12:56:26 ----D---- C:\Users\Fida\AppData\Roaming\Awesomium
2014-08-14 12:45:22 ----RD---- C:\Program Files
2014-08-14 04:17:59 ----SHD---- C:\System Volume Information
2014-08-14 04:01:58 ----D---- C:\Windows\rescache
2014-08-14 03:35:21 ----D---- C:\Windows\Microsoft.NET
2014-08-14 03:34:51 ----RSD---- C:\Windows\assembly
2014-08-14 03:25:31 ----D---- C:\Windows\winsxs
2014-08-14 03:23:02 ----D---- C:\Windows\ehome
2014-08-14 03:23:01 ----RSD---- C:\Windows\Fonts
2014-08-14 03:23:00 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-08-14 03:23:00 ----D---- C:\Windows\system32\cs-CZ
2014-08-14 03:22:59 ----D---- C:\Windows\system32\drivers
2014-08-14 03:20:28 ----D---- C:\Users\Fida\AppData\Roaming\Skype
2014-08-14 03:06:43 ----D---- C:\Windows\system32\catroot2
2014-08-14 03:06:42 ----D---- C:\Windows\system32\catroot
2014-08-14 03:00:36 ----SD---- C:\Windows\system32\CompatTel
2014-08-13 16:50:31 ----SHD---- C:\Windows\Installer
2014-08-13 16:50:31 ----D---- C:\ProgramData\Skype
2014-08-13 16:50:30 ----D---- C:\Program Files (x86)\Common Files
2014-08-13 13:04:38 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-08-13 12:36:44 ----D---- C:\ProgramData\Origin
2014-08-13 12:01:00 ----A---- C:\Windows\system32\PnkBstrA.exe
2014-08-13 11:54:02 ----D---- C:\Program Files (x86)\Origin
2014-08-12 18:04:28 ----D---- C:\Program Files\TeamSpeak 3 Client
2014-08-12 12:01:21 ----D---- C:\Windows\system32\Tasks
2014-08-12 12:01:21 ----D---- C:\Program Files (x86)\Opera
2014-08-10 16:47:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-10 16:47:16 ----D---- C:\Windows\inf
2014-08-09 14:18:01 ----SD---- C:\Users\Fida\AppData\Roaming\Microsoft
2014-08-08 02:54:48 ----D---- C:\Windows\Logs
2014-08-08 02:31:50 ----D---- C:\Users\Fida\AppData\Roaming\DAEMON Tools Lite
2014-08-08 02:31:40 ----D---- C:\Windows\Panther
2014-08-05 16:22:42 ----D---- C:\Instalačky etc
2014-08-03 22:25:49 ----D---- C:\Program Files (x86)\World of Warcraft
2014-08-01 09:54:26 ----HD---- C:\Windows\system32\GroupPolicyUsers
2014-07-31 17:31:14 ----D---- C:\Program Files\Internet Explorer
2014-07-31 17:31:14 ----D---- C:\Program Files (x86)\Internet Explorer
2014-07-31 11:19:56 ----D---- C:\Windows\SYSWOW64\migration
2014-07-31 11:19:56 ----D---- C:\Windows\SYSWOW64\en-US
2014-07-31 11:19:56 ----D---- C:\Windows\system32\migration
2014-07-31 11:19:56 ----D---- C:\Windows\system32\en-US
2014-07-31 11:19:56 ----D---- C:\Windows\PolicyDefinitions
2014-07-30 17:25:58 ----D---- C:\Users\Fida\AppData\Roaming\BSplayer
2014-07-27 01:27:14 ----SHD---- C:\$Recycle.Bin
2014-07-27 01:27:09 ----RD---- C:\Users
2014-07-27 01:23:48 ----HD---- C:\Windows\system32\GroupPolicy
2014-07-25 23:06:38 ----D---- C:\Program Files (x86)\Origin Games
2014-07-25 15:50:29 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2014-07-25 15:50:29 ----A---- C:\Windows\SYSWOW64\nvspbridge.dll
2014-07-25 15:50:11 ----A---- C:\Windows\system32\nvspcap64.dll
2014-07-25 15:50:11 ----A---- C:\Windows\system32\nvspbridge64.dll
2014-07-22 22:34:19 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2014-07-17 21:36:28 ----D---- C:\Windows\system32\NDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2013-01-31 652784]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2013-01-31 28656]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-12-21 20616]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 AppleCharger;AppleCharger; C:\Windows\system32\DRIVERS\AppleCharger.sys [2013-02-19 21584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-21 283064]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2011-06-15 32544]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-03-19 4534784]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-02-26 3333576]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-03-19 442368]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-12-21 366216]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-12-21 786056]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-08-14 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2013-03-12 64624]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-07-25 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-10-25 769168]
S1 UsbCharger;UsbCharger; C:\Windows\system32\DRIVERS\UsbCharger.sys [2013-05-06 21584]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20); C:\Windows\system32\DRIVERS\RtTeam620.sys [2012-07-03 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2); C:\Windows\system32\DRIVERS\RtVlan620.sys [2012-09-01 32400]
S3 tapSF0901;Spotflux Virtual Network Device Driver; C:\Windows\system32\DRIVERS\tapSF0901.sys [2014-01-20 39104]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-02-13 731648]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-07-25 18956064]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2014-08-13 76152]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 413128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08 116648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-01-31 15344]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-03-12 169432]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-03-12 366552]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 AppleChargerSrv;AppleChargerSrv; C:\Windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-06-30 345984]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-03-22 279024]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08 116648]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-02-13 820184]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 OverwolfUpdaterService;Overwolf Updater Service; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-10-23 18360]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-08-14 833728]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-11-11 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

#8 Příspěvek od **Rudy** » 14 srp 2014 21:26

Dvouklikem na soubor C:\Program Files\trend micro\Fida.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

bulljoker · #9 Příspěvek od **bulljoker** » 14 srp 2014 21:44

tak hotovo,ale internet zůstal bohužel stejně pomalej,takže to asi bude tím modemem nebo nevím

#10 Příspěvek od **Rudy** » 15 srp 2014 15:49

Zkusíme ještě ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

bulljoker · #11 Příspěvek od **bulljoker** » 15 srp 2014 17:26

furt stejný,tady je log

ComboFix 14-08-15.01 - Fida 15.08.2014 18:18:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8071.6107 [GMT 2:00]
Spuštěný z: c:\users\Fida\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\GbgW.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\l542hTQai9OB.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\s0K7yuIZ5.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\GbgW.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\l542hTQai9OB.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\s0K7yuIZ5.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\GbgW.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\l542hTQai9OB.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\s0K7yuIZ5.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\background.html
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\content.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\GbgW.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\lsdb.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\manifest.json
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\background.html
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\content.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\l542hTQai9OB.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\lsdb.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\manifest.json
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\background.html
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\content.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\lsdb.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\manifest.json
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\s0K7yuIZ5.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Fida\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\background.html
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\content.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\GbgW.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\lsdb.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\manifest.json
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\background.html
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\content.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\l542hTQai9OB.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\lsdb.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\manifest.json
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\background.html
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\content.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\lsdb.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\manifest.json
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\s0K7yuIZ5.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Fida\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gejeddndjobhdncobgponeihoacnegch_0.localstorage-journal
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gejeddndjobhdncobgponeihoacnegch_0.localstorage
c:\users\Fida\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\GbgW.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\l542hTQai9OB.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\s0K7yuIZ5.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\GbgW.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\l542hTQai9OB.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\s0K7yuIZ5.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\GbgW.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\daamjmcoamjhiidlhpgdlcnnodkedimp\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\l542hTQai9OB.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcgokbaiolpdakelaljgnojjekeogkma\2.7\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\105\s0K7yuIZ5.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\eG2Dwbpp5.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\icon48.png
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcloglpfhidhebcljjfejlmjbahoglj\1.1\manifest.json
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-15 do 2014-08-15 )))))))))))))))))))))))))))))))
.
.
2014-08-15 16:24 . 2014-08-15 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-15 16:23 . 2014-08-15 16:23 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B80542BF-6D2D-48F0-B12A-5EB95DBEAA6B}\offreg.dll
2014-08-15 16:07 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B80542BF-6D2D-48F0-B12A-5EB95DBEAA6B}\mpengine.dll
2014-08-14 17:18 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-14 17:17 . 2014-08-14 17:21 -------- d-----w- C:\AdwCleaner
2014-08-14 10:45 . 2014-08-14 20:04 -------- d-----w- c:\program files\trend micro
2014-08-14 01:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 01:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 01:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 01:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 01:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 01:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 01:00 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 01:00 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 14:50 . 2014-08-13 14:50 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-13 08:02 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 08:02 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-13 08:01 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 08:01 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 08:01 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 08:01 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 08:01 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 08:01 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 08:01 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 07:58 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 07:58 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 07:57 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-13 07:57 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-13 07:57 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 07:57 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-13 07:57 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-13 07:57 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-13 07:57 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-13 07:57 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 07:56 . 2014-07-16 03:25 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-13 07:56 . 2014-07-16 02:46 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-13 07:56 . 2014-07-16 02:12 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-13 07:56 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-13 07:56 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 07:56 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-09 00:00 . 2014-08-09 00:00 -------- d-----w- c:\users\Fida\AppData\Roaming\.mono
2014-08-01 07:58 . 2013-12-10 02:28 610304 ----a-w- c:\windows\system32\vbscript.dll
2014-08-01 07:58 . 2013-12-10 02:02 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-07-26 23:27 . 2014-08-01 07:55 -------- d-----w- c:\users\luke
2014-07-22 14:55 . 2014-07-22 14:55 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2014-07-21 14:04 . 2014-08-10 14:33 -------- d-----w- c:\users\Fida\.minion
2014-07-21 14:04 . 2014-08-10 14:33 -------- d-----w- c:\users\Fida\.junique
2014-07-21 14:04 . 2014-07-21 14:04 -------- d-----w- c:\users\Fida\AppData\Local\Minion
2014-07-17 18:14 . 2014-07-17 18:14 -------- d-----w- c:\users\Fida\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 14:49 . 2014-06-29 11:50 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-13 11:04 . 2014-07-14 15:15 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-08-13 11:04 . 2013-12-30 21:42 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-08-13 11:03 . 2013-11-08 14:07 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-08-13 10:01 . 2014-07-14 15:17 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-13 07:23 . 2014-07-08 13:51 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-07-25 13:50 . 2014-07-09 09:27 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-11-08 15:27 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-07-09 09:27 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-11-08 15:27 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-22 20:34 . 2014-07-14 15:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-07-09 16:44 . 2013-11-10 14:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:44 . 2013-11-10 14:02 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18 . 2014-07-09 20:40 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 20:40 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-12 05:55 . 2014-05-28 18:17 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-08 03:20 . 2014-06-08 03:20 0 ---ha-w- c:\users\Fida\AppData\Local\BIT6CD6.tmp
2014-06-06 21:21 . 2014-06-06 21:21 0 ---ha-w- c:\users\Fida\AppData\Local\BIT2193.tmp
2014-06-06 10:10 . 2014-07-09 20:40 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 20:40 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 20:38 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 20:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 20:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 20:40 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 20:40 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 20:40 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 20:40 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 20:40 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 20:40 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 20:40 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 20:40 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 20:40 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 20:40 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 20:40 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 20:40 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 20:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 20:40 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 20:40 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-20 02:44 . 2014-07-09 09:36 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-07-09 09:36 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-07-09 09:36 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-07-09 09:36 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-07-09 09:36 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-07-09 09:36 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-07-09 09:36 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2014-07-09 09:36 492376 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-07-09 09:36 416712 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-07-09 09:36 382240 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-07-09 09:36 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-07-09 09:36 335704 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-07-09 09:36 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-07-09 09:36 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-07-09 09:36 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-07-09 09:36 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-07-09 09:36 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-07-09 09:36 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-07-09 09:36 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-07-09 09:36 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-07-09 09:36 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-07-09 09:36 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-07-09 09:36 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-07-09 09:36 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2014-07-09 09:36 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-07-09 09:36 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-07-09 09:36 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-05-20 02:44 . 2014-07-09 09:36 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-07-09 09:36 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-07-09 09:36 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-03-22 10:56 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2013-11-08 15:25 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2013-11-08 15:25 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2013-11-08 15:25 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-11-08 15:25 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 01:25 . 2013-11-08 15:26 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-11-08 15:26 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-11-08 15:26 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-11-08 15:26 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-11-08 15:26 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2013-11-08 15:26 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-19 23:10 . 2014-07-09 09:40 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-11-08 14:05 . 2013-11-08 14:05 50053120 ----a-w- c:\program files (x86)\GUT5246.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-12-09 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-12-09 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-04-28 1240664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-03-06 291128]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\DRIVERS\RtTeam620.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam620.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 14:11 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-10 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 441840]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-BitTorrent Sync - c:\program files (x86)\BitTorrent Sync\BTSync.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{016ACB69-F547-0DF5-63B6-653F9FD5B031} - c:\program files (x86)\YoutubeAdblocker\Yw.x64.dll
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-08-15 18:26:03
ComboFix-quarantined-files.txt 2014-08-15 16:26
.
Před spuštěním: Volných bajtů: 45 108 297 728
Po spuštění: Volných bajtů: 45 000 728 576
.
- - End Of File - - 7F498B979A31D343F895E0F8C58CAF10
A36C5E4F47E84449FF07ED3517B43A31

#12 Příspěvek od **Rudy** » 15 srp 2014 18:27

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

bulljoker · #13 Příspěvek od **bulljoker** » 15 srp 2014 19:16

pořád nic :/ každopádně moc děkuju za snahu,aspoň mám pročištěnej PC no

ComboFix 14-08-15.01 - Fida 15.08.2014 19:58:52.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8071.6544 [GMT 2:00]
Spuštěný z: c:\users\Fida\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Fida\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-15 do 2014-08-15 )))))))))))))))))))))))))))))))
.
.
2014-08-15 18:04 . 2014-08-15 18:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-15 18:04 . 2014-08-15 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-15 16:07 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B80542BF-6D2D-48F0-B12A-5EB95DBEAA6B}\mpengine.dll
2014-08-14 17:18 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-14 17:17 . 2014-08-14 17:21 -------- d-----w- C:\AdwCleaner
2014-08-14 10:45 . 2014-08-14 20:04 -------- d-----w- c:\program files\trend micro
2014-08-14 01:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 01:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 01:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 01:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 01:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 01:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 01:00 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 01:00 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 14:50 . 2014-08-13 14:50 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-13 08:02 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 08:02 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-13 08:01 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 08:01 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-08-13 08:01 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-08-13 08:01 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-08-13 08:01 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-13 08:01 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-08-13 08:01 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-08-13 07:58 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 07:58 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-13 07:57 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-08-13 07:57 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-08-13 07:57 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 07:57 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-08-13 07:57 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-13 07:57 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-13 07:57 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-13 07:57 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 07:56 . 2014-07-16 03:25 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-13 07:56 . 2014-07-16 02:46 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-13 07:56 . 2014-07-16 02:12 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-13 07:56 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-13 07:56 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 07:56 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-09 00:00 . 2014-08-09 00:00 -------- d-----w- c:\users\Fida\AppData\Roaming\.mono
2014-08-01 07:58 . 2013-12-10 02:28 610304 ----a-w- c:\windows\system32\vbscript.dll
2014-08-01 07:58 . 2013-12-10 02:02 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-07-26 23:27 . 2014-08-01 07:55 -------- d-----w- c:\users\luke
2014-07-22 14:55 . 2014-07-22 14:55 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2014-07-21 14:04 . 2014-08-10 14:33 -------- d-----w- c:\users\Fida\.minion
2014-07-21 14:04 . 2014-08-10 14:33 -------- d-----w- c:\users\Fida\.junique
2014-07-21 14:04 . 2014-07-21 14:04 -------- d-----w- c:\users\Fida\AppData\Local\Minion
2014-07-17 18:14 . 2014-07-17 18:14 -------- d-----w- c:\users\Fida\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 18:06 . 2014-06-29 11:50 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-13 11:04 . 2014-07-14 15:15 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-08-13 11:04 . 2013-12-30 21:42 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-08-13 11:03 . 2013-11-08 14:07 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-08-13 10:01 . 2014-07-14 15:17 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-13 07:23 . 2014-07-08 13:51 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-07-25 13:50 . 2014-07-09 09:27 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-11-08 15:27 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-07-09 09:27 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-11-08 15:27 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-22 20:34 . 2014-07-14 15:15 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-07-09 16:44 . 2013-11-10 14:02 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:44 . 2013-11-10 14:02 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18 . 2014-07-09 20:40 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 20:40 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-12 05:55 . 2014-05-28 18:17 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-06-08 03:20 . 2014-06-08 03:20 0 ---ha-w- c:\users\Fida\AppData\Local\BIT6CD6.tmp
2014-06-06 21:21 . 2014-06-06 21:21 0 ---ha-w- c:\users\Fida\AppData\Local\BIT2193.tmp
2014-06-06 10:10 . 2014-07-09 20:40 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-09 20:40 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-09 20:38 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-09 20:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-09 20:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-09 20:40 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-09 20:40 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-09 20:40 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-09 20:40 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-09 20:40 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-09 20:40 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-09 20:40 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-09 20:40 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-09 20:40 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-09 20:40 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-09 20:40 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-09 20:40 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-09 20:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-09 20:40 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-09 20:40 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-20 02:44 . 2014-07-09 09:36 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-07-09 09:36 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-07-09 09:36 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-07-09 09:36 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-07-09 09:36 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-07-09 09:36 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-07-09 09:36 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2014-07-09 09:36 492376 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-07-09 09:36 416712 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-07-09 09:36 382240 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-07-09 09:36 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-07-09 09:36 335704 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-07-09 09:36 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-07-09 09:36 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-07-09 09:36 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-07-09 09:36 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-07-09 09:36 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-07-09 09:36 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-07-09 09:36 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-07-09 09:36 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-07-09 09:36 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-07-09 09:36 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-07-09 09:36 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-07-09 09:36 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2014-07-09 09:36 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-07-09 09:36 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-07-09 09:36 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-05-20 02:44 . 2014-07-09 09:36 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-07-09 09:36 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-07-09 09:36 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2014-03-22 10:56 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2013-11-08 15:25 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2013-11-08 15:25 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2013-11-08 15:25 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-11-08 15:25 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 01:25 . 2013-11-08 15:26 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-11-08 15:26 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-11-08 15:26 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-11-08 15:26 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-11-08 15:26 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2013-11-08 15:26 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-19 23:10 . 2014-07-09 09:40 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-11-08 14:05 . 2013-11-08 14:05 50053120 ----a-w- c:\program files (x86)\GUT5246.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-12-09 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-12-09 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\users\Fida\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-04-28 1240664]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-03-12 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-03-06 291128]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\DRIVERS\RtTeam620.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam620.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 tapSF0901;Spotflux Virtual Network Device Driver;c:\windows\system32\DRIVERS\tapSF0901.sys;c:\windows\SYSNATIVE\DRIVERS\tapSF0901.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 14:11 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-10 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{016ACB69-F547-0DF5-63B6-653F9FD5B031}]
c:\program files (x86)\YoutubeAdblocker\Yw.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 441840]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-26 13423688]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\PANDORA.TV\PanService\KMPProcess.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2014-08-15 20:10:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-15 18:10
ComboFix2.txt 2014-08-15 16:26
.
Před spuštěním: Volných bajtů: 45 111 189 504
Po spuštění: Volných bajtů: 45 092 929 536
.
- - End Of File - - A5A470FB750EF78EA5AE4D147A3C4252
A36C5E4F47E84449FF07ED3517B43A31

#14 Příspěvek od **Rudy** » 15 srp 2014 19:28

Log je již OK. CF odinstalujte pomocí T-Cleaneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Zkuste ještě restartovat modem, příp další síť. prvek v datové cestě. Když to nepomůže, obraťte se na providera.

VIRY.CZ

Zpomalený internet

Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet

Re: Zpomalený internet