
Chrome cannot be started


#16 Post by Holicz »

//EDIT vyosek: Posts merged and topic unlocked

Hello,

I was dealing here with a heavily cluttered PC and, above all, a non-working Chrome. Unfortunately I then could not be here and the topic got locked. Here it is. Below is a new RSIT log in case we start over; if not, we left off at ComboFix. Thank you very much.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Samsung at 2014-09-04 19:50:00
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 2 GB (1%) free of 237 GB
Total RAM: 3893 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:50:04, on 4.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\SupTab\HpUI.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\SupTab\Loader32.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\program files (x86)\hd-v1.9\hd-v1.9-bg.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Samsung\Desktop\RSIT.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\trend micro\Samsung.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... J9EB711232
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... J9EB711232
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.6\iobitappsToolbarIE.dll (file missing)
O2 - BHO: CrossriderApp0061792 - {11111111-1111-1111-1111-110611171192} - C:\Program Files (x86)\HD-V1.9\HD-V1.9-bho.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Ask Toolbar BHO - {41545534-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll" (file missing)
O2 - BHO: Lišta Centrum.cz - {5D9C17C6-093D-43E5-BF3D-4A13D162AB74} - C:\PROGRA~2\CENTRU~1.O\LITACE~1.CZ\cenbho32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files (x86)\atube\atubeX.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files (x86)\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{437DF307-EDD5-4A7C-B798-169505122258}: NameServer = 10.168.38.53
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Unknown owner - C:\Program Files (x86)\MyPC Backup\BackupStack.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14933 bytes

======Scheduled tasks folder======

C:\Windows\tasks\3e8db241-0a11-4d88-9dd8-ab754af26e88-1.job - C:\Program Files (x86)\HD-V1.9\HD-V1.9-codedownloader.exe /reinstallapp /runfrom=task /agentregpath='HD-V1.9' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=8D9D8B3FAFB74B61A0CC02EE85B46139IE /verifier=74c1a036cd686a894792d0620e7e60f2 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408119177 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /codedownloaddomain=http://js.inputdatacloud.com /defbro=ie /crregname='HD-V1.9' /fbcodedownloaddomain=http://js.clientdemocloud.com /allusers /addinfojson='{"asw":[1081360, -2113929215, 83951616],"browser_name":"__BROWSER_NAME__"}' /autoupdateulr='http://update.inputdatacloud.com/ie_cod ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\3e8db241-0a11-4d88-9dd8-ab754af26e88-11.job - C:\Program Files (x86)\HD-V1.9\3e8db241-0a11-4d88-9dd8-ab754af26e88-11.exe /rawdata=...
C:\Windows\tasks\3e8db241-0a11-4d88-9dd8-ab754af26e88-2.job - C:\Program Files (x86)\HD-V1.9\3e8db241-0a11-4d88-9dd8-ab754af26e88-2.exe /enablebho /agentregpath='HD-V1.9' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=8D9D8B3FAFB74B61A0CC02EE85B46139IE /verifier=74c1a036cd686a894792d0620e7e60f2 /installerversion=1_34_08_12 /installationtime=1408119177 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /bhoguid=11111111-1111-1111-1111-110611171192 /defbro=ie /useiepol /allusers /autoupdateulr='http://update.inputdatacloud.com/ie_ena ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\3e8db241-0a11-4d88-9dd8-ab754af26e88-3.job - C:\Program Files (x86)\HD-V1.9\3e8db241-0a11-4d88-9dd8-ab754af26e88-3.exe /rawdata=...
C:\Windows\tasks\3e8db241-0a11-4d88-9dd8-ab754af26e88-6.job - C:\Program Files (x86)\HD-V1.9\3e8db241-0a11-4d88-9dd8-ab754af26e88-6.exe /agentregpath='HD-V1.9-nv' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=8D9D8B3FAFB74B61A0CC02EE85B46139IE /verifier=74c1a036cd686a894792d0620e7e60f2 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408119177 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /codedownloaddomain=http://js.inputdatacloud.com /defbro=ie /DllName32ToInjectToChrome='9b9f3bbd-bfd1-4664-8723-5a2a77b18aa5.dll' /DllName64ToInjectToChrome='16f05506-499b-49b2-b0cf-35e7e75e9208.dll' /nova64bitexe='3e8db241-0a11-4d88-9dd8-ab754af26e88-64.exe' /browsername='nova' /usehklm /crregname='HD-V1.9' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{"asw":[1081360, -2113929215, 83951616],"browser_name":"__BROWSER_NAME__"}' /autoupdateulr='http://update.inputdatacloud.com/novaru ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\3e8db241-0a11-4d88-9dd8-ab754af26e88-7.job - C:\Program Files (x86)\HD-V1.9\3e8db241-0a11-4d88-9dd8-ab754af26e88-7.exe /updateapp /agentregpath='HD-V1.9-nv' /appid=61792 /srcid='001859' /subid='0' /zdata='0' /bic=8D9D8B3FAFB74B61A0CC02EE85B46139IE /verifier=74c1a036cd686a894792d0620e7e60f2 /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1408119177 /statsdomain=http://stats.inputdatacloud.com /errorsdomain=http://errors.inputdatacloud.com /codedownloaddomain=http://js.inputdatacloud.com /defbro=ie /DllName32ToInjectToChrome='9b9f3bbd-bfd1-4664-8723-5a2a77b18aa5.dll' /DllName64ToInjectToChrome='16f05506-499b-49b2-b0cf-35e7e75e9208.dll' /nova64bitexe='3e8db241-0a11-4d88-9dd8-ab754af26e88-64.exe' /browsername='nova' /usehklm /crregname='HD-V1.9' /fbcodedownloaddomain=http://js.clientdemocloud.com /addinfojson='{"asw":[1081360, -2113929215, 83951616],"browser_name":"__BROWSER_NAME__"}' /runfrom=task /autoupdateulr='http://update.inputdatacloud.com/novaco ... pdate.json' /runfrom='task' /externallog=''
C:\Windows\tasks\fdd1e5fc-39c2-47ae-b769-5601ddbc5a0c.job - C:\Program Files (x86)\HD-V1.9\fdd1e5fc-39c2-47ae-b769-5601ddbc5a0c.exe 001859 8D9D8B3FAFB74B61A0CC02EE85B46139IE 61792 1408119177 93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 HD-V1.9
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Registry Optimizer_DEFAULT.job - C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe -default
C:\Windows\tasks\Registry Optimizer_UPDATES.job - C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe -updatecheck

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
IObit Apps Toolbar - C:\Program Files (x86)\IObit Apps Toolbar\IE\9.6\iobitappsToolbarIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171192}]
HD-V1.9 - C:\Program Files (x86)\HD-V1.9\HD-V1.9-bho.dll [2014-08-15 610168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\SupTab\SupTab.dll [2014-08-15 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7}]
Ask Toolbar - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll [2013-08-16 12240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D9C17C6-093D-43E5-BF3D-4A13D162AB74}]
Lišta Centrum.cz - C:\PROGRA~2\CENTRU~1.O\LITACE~1.CZ\cenbho32.dll [2011-11-24 265680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-08 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-31 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-31 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2014-02-20 669504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
aTube Toolbar - C:\Program Files (x86)\atube\atubeX.dll [2011-10-31 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]
{EEE6C35B-6118-11DC-9C72-001320C79847}
{98889811-442D-49dd-99D7-DC866BE87DBC}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-31 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2011-12-12 103896]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-31 43816]
""= []
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-08-01 152392]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-31 4085896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"WebcamMaxAutoRun"=C:\Program Files (x86)\WebcamMax\wcmmon.exe [2011-07-17 1038848]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2013-11-20 59720]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-11-20 59720]
"AppleIEDAV"=C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [2013-11-15 1326408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.DIVX"=divx.dll
"msacm.lameacm"=lameACM.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2014-09-04 19:50:00 ----D---- C:\Program Files (x86)\trend micro
2014-09-01 10:19:16 ----D---- C:\ComboFixtext
2014-08-31 19:48:17 ----D---- C:\Users\Samsung\AppData\Roaming\AVAST Software
2014-08-31 19:46:33 ----D---- C:\ProgramData\Google
2014-08-31 19:45:24 ----A---- C:\Windows\avastSS.scr
2014-08-31 19:43:36 ----D---- C:\ProgramData\AVAST Software
2014-08-31 08:46:56 ----A---- C:\awh6A94.tmp
2014-08-30 17:27:27 ----A---- C:\awh8361.tmp
2014-08-30 16:23:52 ----D---- C:\Users\Samsung\AppData\Roaming\pSUxcuyV
2014-08-30 16:13:30 ----A---- C:\awh89E7.tmp
2014-08-27 21:52:38 ----A---- C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:49:08 ----A---- C:\awhC995.tmp
2014-08-24 22:05:19 ----A---- C:\awh1026.tmp
2014-08-22 21:04:50 ----A---- C:\awh1BBA.tmp
2014-08-22 17:45:31 ----A---- C:\awhFC13.tmp
2014-08-19 18:23:24 ----A---- C:\awhC522.tmp
2014-08-19 09:49:24 ----A---- C:\awhAB1D.tmp
2014-08-18 11:07:18 ----A---- C:\awhC428.tmp
2014-08-17 18:11:34 ----A---- C:\awh2A0C.tmp
2014-08-17 11:28:02 ----A---- C:\awh71D5.tmp
2014-08-16 20:29:07 ----A---- C:\awh20A9.tmp
2014-08-15 18:17:05 ----A---- C:\awhBBF4.tmp
2014-08-15 18:15:48 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2014-08-15 18:14:46 ----D---- C:\Program Files (x86)\DivX
2014-08-15 18:14:16 ----D---- C:\ProgramData\DivX
2014-08-15 18:13:08 ----D---- C:\Program Files (x86)\globalUpdate
2014-08-15 18:13:04 ----D---- C:\Program Files (x86)\HD-V1.9
2014-08-15 18:12:57 ----D---- C:\ProgramData\IePluginServices
2014-08-15 18:12:47 ----D---- C:\Program Files (x86)\SupTab
2014-08-15 18:12:39 ----D---- C:\ProgramData\WindowsMangerProtect
2014-08-15 18:12:25 ----D---- C:\Users\Samsung\AppData\Roaming\istartsurf
2014-08-15 18:11:54 ----D---- C:\Program Files (x86)\Common Files\Config
2014-08-15 16:39:34 ----A---- C:\Windows\SysWOW64\installd.exe
2014-08-15 16:39:14 ----A---- C:\Windows\SysWOW64\hfnapi.dll
2014-08-15 16:39:04 ----A---- C:\Windows\SysWOW64\hfpapi.dll
2014-08-15 12:39:18 ----D---- C:\Program Files (x86)\Common Files\Skype
2014-08-14 17:57:03 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-13 20:29:44 ----A---- C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 20:29:43 ----A---- C:\Windows\SysWOW64\icardagt.exe
2014-08-13 20:29:42 ----A---- C:\Windows\SysWOW64\icardres.dll
2014-08-13 20:29:28 ----A---- C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 19:40:58 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 19:40:42 ----A---- C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 19:40:41 ----A---- C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 19:40:41 ----A---- C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 19:40:41 ----A---- C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 19:40:41 ----A---- C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 19:40:33 ----A---- C:\Windows\SysWOW64\tzres.dll
2014-08-13 19:40:27 ----A---- C:\Windows\SysWOW64\msi.dll
2014-08-13 19:40:26 ----A---- C:\Windows\SysWOW64\authui.dll
2014-08-13 19:40:25 ----A---- C:\Windows\SysWOW64\msihnd.dll
2014-08-13 19:40:16 ----A---- C:\Windows\SysWOW64\shell32.dll
2014-08-13 19:40:09 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 19:40:08 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 19:40:08 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 19:40:08 ----A---- C:\Windows\SysWOW64\iernonce.dll
2014-08-13 19:40:07 ----A---- C:\Windows\SysWOW64\urlmon.dll
2014-08-13 19:40:07 ----A---- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 19:40:06 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 19:40:06 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 19:40:05 ----A---- C:\Windows\SysWOW64\mshtml.dll
2014-08-13 19:40:03 ----A---- C:\Windows\SysWOW64\iesetup.dll
2014-08-13 19:40:03 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 19:40:02 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 19:40:02 ----A---- C:\Windows\SysWOW64\iertutil.dll
2014-08-13 19:40:01 ----A---- C:\Windows\SysWOW64\ieui.dll
2014-08-13 19:40:01 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 19:40:00 ----A---- C:\Windows\SysWOW64\ieframe.dll
2014-08-13 19:39:57 ----A---- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 19:39:57 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 19:39:54 ----A---- C:\Windows\SysWOW64\jscript9.dll
2014-08-13 19:39:53 ----A---- C:\Windows\SysWOW64\vbscript.dll
2014-08-13 19:39:52 ----A---- C:\Windows\SysWOW64\wininet.dll
2014-08-13 19:39:52 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 19:39:51 ----A---- C:\Windows\SysWOW64\msrating.dll
2014-08-13 19:39:51 ----A---- C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 20:52:32 ----D---- C:\Windows\rescache
2014-08-07 18:40:58 ----D---- C:\ProgramData\Malwarebytes
2014-08-06 12:23:13 ----A---- C:\Windows\ntbtlog.txt
2014-08-01 20:03:46 ----A---- C:\Windows\SysWOW64\wudriver.dll
2014-08-01 20:03:45 ----A---- C:\Windows\SysWOW64\wups.dll
2014-08-01 20:03:45 ----A---- C:\Windows\SysWOW64\wuapi.dll
2014-08-01 20:03:27 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 20:03:27 ----A---- C:\Windows\SysWOW64\wuapp.exe
2014-07-31 20:35:40 ----A---- C:\Windows\SysWOW64\sqlite3.dll
2014-07-31 20:34:27 ----D---- C:\AdwCleaner
2014-07-28 23:02:10 ----D---- C:\rsit
2014-07-28 20:29:20 ----D---- C:\Users\Samsung\AppData\Roaming\SkypEmoticons
2014-07-28 20:28:35 ----D---- C:\ProgramData\EZSoftware
2014-07-28 20:27:41 ----D---- C:\ProgramData\fb6152e1da7df93e
2014-07-28 20:26:35 ----D---- C:\ProgramData\InstallMate
2014-07-22 17:14:00 ----D---- C:\Program Files (x86)\GUM376E.tmp
2014-07-22 17:14:00 ----A---- C:\Program Files (x86)\GUT376F.tmp
2014-07-09 20:18:58 ----A---- C:\Windows\SysWOW64\osk.exe
2014-07-09 20:18:56 ----A---- C:\Windows\SysWOW64\qedit.dll
2014-07-09 20:18:52 ----A---- C:\Windows\SysWOW64\kerberos.dll
2014-07-09 20:18:51 ----A---- C:\Windows\SysWOW64\schannel.dll
2014-07-09 20:18:50 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 20:18:49 ----A---- C:\Windows\SysWOW64\wdigest.dll
2014-07-09 20:18:49 ----A---- C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 20:18:49 ----A---- C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 20:18:48 ----A---- C:\Windows\SysWOW64\credssp.dll
2014-07-09 20:17:35 ----A---- C:\Windows\SysWOW64\sspicli.dll
2014-07-09 20:17:35 ----A---- C:\Windows\SysWOW64\secur32.dll
2014-06-19 22:23:37 ----A---- C:\Users\Samsung\AppData\Roaming\temp.ini
2014-06-11 09:38:19 ----A---- C:\Windows\SysWOW64\usp10.dll
2014-06-11 09:38:15 ----A---- C:\Windows\SysWOW64\msxml6.dll
2014-06-11 09:38:14 ----A---- C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 09:38:14 ----A---- C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 09:38:14 ----A---- C:\Windows\SysWOW64\msxml3.dll

======List of files/folders modified in the last 3 months======

2014-09-04 19:50:02 ----D---- C:\Windows\temp
2014-09-04 19:50:00 ----RD---- C:\Program Files (x86)
2014-09-04 19:49:45 ----D---- C:\Users\Samsung\AppData\Roaming\Skype
2014-09-04 19:44:02 ----D---- C:\Users\Samsung\AppData\Roaming\Nitro PDF
2014-09-04 19:12:05 ----AD---- C:\ProgramData\Temp
2014-09-04 19:00:05 ----D---- C:\Windows
2014-09-04 18:56:07 ----D---- C:\Qoobox
2014-09-04 18:55:59 ----D---- C:\Windows\Prefetch
2014-09-04 18:25:51 ----A---- C:\Windows\SysWOW64\log.txt
2014-09-01 11:59:52 ----A---- C:\Windows\system.ini
2014-09-01 11:34:48 ----D---- C:\Windows\ERDNT
2014-09-01 11:29:58 ----D---- C:\Windows\SysWOW64\drivers
2014-09-01 11:29:58 ----D---- C:\Windows\SysWOW64
2014-09-01 11:29:58 ----D---- C:\Windows\AppPatch
2014-09-01 11:29:56 ----D---- C:\Program Files (x86)\Common Files
2014-09-01 10:34:15 ----D---- C:\Windows\System32
2014-09-01 10:34:15 ----D---- C:\Windows\inf
2014-09-01 10:14:06 ----D---- C:\Users\Samsung\AppData\Roaming\uTorrent
2014-09-01 09:46:18 ----D---- C:\Users\Samsung\AppData\Roaming\Seznam.cz
2014-09-01 09:41:29 ----D---- C:\Windows\Tasks
2014-08-31 20:35:41 ----D---- C:\ProgramData\ProductData
2014-08-31 19:46:44 ----RD---- C:\Program Files
2014-08-31 19:46:44 ----D---- C:\Program Files (x86)\Google
2014-08-31 19:46:42 ----SHD---- C:\Windows\Installer
2014-08-31 19:46:42 ----D---- C:\Config.Msi
2014-08-31 19:46:33 ----D---- C:\ProgramData
2014-08-31 19:45:44 ----D---- C:\Windows\winsxs
2014-08-31 19:44:39 ----SHD---- C:\System Volume Information
2014-08-15 12:39:23 ----D---- C:\ProgramData\Skype
2014-08-14 20:41:40 ----D---- C:\Windows\Microsoft.NET
2014-08-14 20:41:00 ----RSD---- C:\Windows\assembly
2014-08-14 17:57:55 ----D---- C:\Program Files (x86)\iTunes
2014-08-14 17:57:03 ----D---- C:\Program Files (x86)\Common Files\Apple
2014-08-13 23:45:24 ----D---- C:\Windows\ehome
2014-08-13 23:45:23 ----RSD---- C:\Windows\Fonts
2014-08-13 23:45:08 ----D---- C:\Windows\SysWOW64\cs-CZ
2014-08-13 23:45:04 ----D---- C:\Windows\SysWOW64\en-US
2014-08-13 23:45:03 ----D---- C:\Windows\PolicyDefinitions
2014-08-13 23:44:59 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-13 20:45:37 ----D---- C:\ProgramData\Microsoft Help
2014-08-13 20:34:51 ----D---- C:\Windows\debug
2014-08-09 19:03:19 ----D---- C:\Windows\Logs
2014-08-08 15:11:22 ----RD---- C:\Program Files (x86)\Skype
2014-08-08 15:09:29 ----D---- C:\Windows\SoftwareDistribution
2014-08-07 21:52:16 ----D---- C:\Program Files (x86)\Common Files\Spigot
2014-08-07 21:52:12 ----D---- C:\Users\Samsung\AppData\Roaming\Systweak
2014-08-07 21:52:11 ----D---- C:\Users\Samsung\AppData\Roaming\Funmoods
2014-08-07 21:52:11 ----D---- C:\Program Files (x86)\Boxore
2014-08-07 21:51:40 ----D---- C:\Program Files (x86)\Ask.com
2014-07-29 17:32:11 ----D---- C:\Program Files (x86)\IObit
2014-07-28 20:27:41 ----D---- C:\Windows\SysWOW64\GroupPolicy
2014-07-28 20:27:38 ----RD---- C:\Users
2014-07-25 06:00:26 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-07-22 17:30:45 ----D---- C:\ProgramData\IObit
2014-07-20 22:21:46 ----D---- C:\Program Files (x86)\DVDVideoSoft
2014-07-20 22:20:47 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2014-07-20 22:20:23 ----D---- C:\Users\Samsung\AppData\Roaming\DVDVideoSoft
2014-07-10 14:23:01 ----D---- C:\Windows\SysWOW64\Dism

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\SysWOW64\drivers\aswRvrt.sys []
R0 aswVmm;avast! VM Monitor; C:\Windows\SysWOW64\drivers\aswVmm.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\Windows\system32\Drivers\SABI.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys []
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys []
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
R3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-06-12 43336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-31 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-10-22 953632]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-08 325656]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-04-11 204304]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2012-02-08 244904]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-11-02 2365792]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 2533400]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-08-01 641352]
S2 BackupStack;Computer Backup (MyPC Backup); C:\Program Files (x86)\MyPC Backup\BackupStack.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 116648]
S2 IePluginServices;IePlugin Services; C:\ProgramData\IePluginServices\PluginService.exe [2014-08-15 694784]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-15 68608]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-31 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------
Last edited by vyosek on 09 Sep 2014 08:21, edited 1 time in total.
Reason: Posts merged and thread unlocked

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Chrome won't start

#17 Post by Márty84 »

Try ADWCleaner again.

If it doesn't work again, download a new ComboFix and run a new scan.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Holicz
Visitor
Posts: 29
Registered: 12 Dec 2012 19:06

Re: Chrome won't start

#18 Post by Holicz »

ADWCleaner

# AdwCleaner v3.309 - Report created 10/09/2014 at 15:34:38
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Samsung - SAMSUNG-PC
# Running from : C:\Users\Samsung\Desktop\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack
[#] Service Deleted : globalUpdatem
Service Deleted : IePluginServices

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\~BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\Boxore
[!] Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\HD-V1.9
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Samsung\AppData\Local\apn
Folder Deleted : C:\Users\Samsung\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Samsung\AppData\Local\Babylon
Folder Deleted : C:\Users\Samsung\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Samsung\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Samsung\AppData\Local\iLivid
Folder Deleted : C:\Users\Samsung\AppData\Local\torch
Folder Deleted : C:\Users\Samsung\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Samsung\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Samsung\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Samsung\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\Samsung\AppData\Roaming\istartsurf
Folder Deleted : C:\Users\Samsung\AppData\Roaming\SkypEmoticons
Folder Deleted : C:\Users\Samsung\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Samsung\AppData\Local\Software
Folder Deleted : C:\Program Files (x86)\Software
File Deleted : C:\Windows\SysWOW64\hfpapi.dll
File Deleted : C:\Windows\SysWOW64\installd.exe
File Deleted : C:\Windows\System32\drivers\nethfdrv.sys
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : Scheduled Update for Ask Toolbar
Task Deleted : 3e8db241-0a11-4d88-9dd8-ab754af26e88-1
Task Deleted : 3e8db241-0a11-4d88-9dd8-ab754af26e88-11
Task Deleted : 3e8db241-0a11-4d88-9dd8-ab754af26e88-2
Task Deleted : 3e8db241-0a11-4d88-9dd8-ab754af26e88-3
Task Deleted : 3e8db241-0a11-4d88-9dd8-ab754af26e88-6
Task Deleted : 3e8db241-0a11-4d88-9dd8-ab754af26e88-7
Task Deleted : fdd1e5fc-39c2-47ae-b769-5601ddbc5a0c

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\loaalbhdjmjgdckmmeflpmbacffgnmme
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\Software.OneClickCtrl.8
Key Deleted : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deals Plugin_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Deals Plugin_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealsPluginROW_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealsPluginROW_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0061792.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_iringer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_iringer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\HD-V1.9
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\BetterSurf
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\HD-V1.9
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=OVO2&o=APN10379&locale=en_EU&apn_uid=862382dd-0267-4d52-bc99-d87ad31c7ba2&apn_ptnrs=%5EABE&apn_sauid=22A58B60-5E22-4E74-9B95-DF6E04E037B8&apn_dtid=%5EYYYYYY%5EYY%5ECZ&q={searchTerms}
Deleted [Search Provider] : hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub12&cd=2XzuyEtN2Y1L1Qzu0EzztCtCtAtBzzyB0EyC0FtBzz0DyC0CtN0D0Tzu0CtAzytDtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=1168698443&ir=
Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EB1V%5EYYYY ... earchTerms}
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ATU3&o=APN10379&locale=en_EU&apn_uid=&apn_ptnrs=%5EABE&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5ECZ&psv=&q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ATU3&o=APN10379&locale=en_EU&apn_uid=&apn_ptnrs=%5EABE&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5ECZ&psv=&q={searchTerms}
Deleted [Search Provider] : hxxp://www.revitalon.cz/?page=websearch&srchtext={searchTerms}
Deleted [Search Provider] : hxxp://sr.searchfunmoods.com/results.php?q={searchTerms}&a=enb-cjpg&f=2&category=web&x=c29b6117-dfc4-4034-b84c-5e629733c140&uref=g1&start=11
Deleted [Search Provider] : hxxp://websearch.wonderfulsearches.info/?l=1&q={searchTerms}&pid=3326&r=2014/07/28&hid=6263081216834321338&lg=EN&cc=CZ&unqvl=60
Deleted [Search Provider] : hxxp://websearch.wonderfulsearches.info/?l=1&q={searchTerms}&pid=3326&r=2014/07/28&hid=6263081216834321338&lg=EN&cc=CZ&unqvl=60
Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408 ... earchTerms}
Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1408 ... earchTerms}

*************************

AdwCleaner[R0].txt - [36233 octets] - [31/07/2014 20:34:58]
AdwCleaner[R1].txt - [36233 octets] - [31/07/2014 21:22:02]
AdwCleaner[R2].txt - [36224 octets] - [06/08/2014 12:37:24]
AdwCleaner[R3].txt - [45744 octets] - [10/09/2014 15:31:25]
AdwCleaner[S0].txt - [43540 octets] - [10/09/2014 15:34:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [43601 octets] ##########

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Chrome cannot be started

#19 Post by Márty84 »

Where do you keep picking this stuff up :roll:

Repeat MBAM
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Holicz
Visitor
Posts: 29
Joined: 12 Dec 2012 19:06

Re: Chrome cannot be started

#20 Post by Holicz »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 11.9.2014
Čas skenování: 17:20:12
Protokol: log.txt
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.09.11.04
Databáze rootkitů: v2014.09.10.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Samsung

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 621587
Uplynulý čas: 2 hod, 15 min, 39 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 2
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HD-V1.9, , [97c930bcee8d290dad14739b29da7c84],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611171192}, , [164a6389accfcc6a1459609fa460fc04],

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 12
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, , [7de326c64d2e51e54d8b1fe7a65de21e],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\extensionData, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\extensionData\plugins, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\extensionData\userCode, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\icons, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\icons\actions, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\js, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\js\api, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\js\lib, , [f76941ab601bce680597faf555adae52],
PUP.Optional.CrossRider.A, C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjanbijkblmillaeknkalicgnjidndkl\1.26.26_0\js\lib\popupResource, , [f76941ab601bce680597faf555adae52],

Soubory: 117

Fyzické sektory: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Chrome cannot be started

#21 Post by Márty84 »

Quarantine all the findings. Then restart the PC and repeat the scan so we know whether it comes back. Post the result and I will choose the next steps accordingly.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84 (at) forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Holicz
Visitor
Posts: 29
Registered: 12 Dec 2012 19:06

Re: Chrome cannot be started

#22 Post by Holicz »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 13.9.2014
Čas skenování: 11:23:34
Protokol: log.txt
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.09.13.01
Databáze rootkitů: v2014.09.12.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Samsung

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 625376
Uplynulý čas: 2 hod, 22 min, 44 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(No malicious items detected)

Moduly: 0
(No malicious items detected)

Klíče registru: 1
PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34BE6615-ADA0-46D1-9457-ABE77C82B0AD}, , [43e2e5084932ce68c3b6d3aeea188c74],

Hodnoty registru: 0
(No malicious items detected)

Data registru: 0
(No malicious items detected)

Složky: 0
(No malicious items detected)

Soubory: 0
(No malicious items detected)

Fyzické sektory: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Chrome cannot be started

#23 Post by Márty84 »

:arrow: Have the finding removed, then uninstall MBAM.


:!: If you have not done so already, back up your important data (photos, documents, etc.) to be safe :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here.

:!: If Windows does not boot after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration.
:!: If Windows boots but an error is reported when launching various programs, just restart the PC and it will be fine.

Holicz
Visitor
Posts: 29
Registered: 12 Dec 2012 19:06

Re: Chrome cannot be started

#24 Post by Holicz »

ComboFix 14-09-16.01 - Samsung 15.09.2014 19:45:26.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3893.2484 [GMT 2:00]
Spuštěný z: c:\users\Samsung\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-15 do 2014-09-15 )))))))))))))))))))))))))))))))
.
.
2014-09-15 17:55 . 2014-09-15 17:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-15 17:55 . 2014-09-15 17:55 -------- d-----w- c:\users\Luboš\AppData\Local\temp
2014-09-15 17:55 . 2014-09-15 17:55 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2014-09-15 17:55 . 2014-09-15 17:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-09-15 17:55 . 2014-09-15 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-15 17:55 . 2014-09-15 17:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-09-13 09:44 . 2014-09-13 09:44 -------- d-----w- c:\program files\iPod
2014-09-13 09:44 . 2014-09-13 09:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 09:44 . 2014-09-13 09:46 -------- d-----w- c:\program files\iTunes
2014-09-12 11:16 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{995426B5-1436-4D3B-9290-EA8E01DB6EA9}\mpengine.dll
2014-09-10 12:29 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 12:29 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 12:29 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 12:29 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 11:04 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 11:04 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 11:04 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 11:04 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 11:04 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 11:03 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 11:03 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 11:03 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 11:03 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-04 17:50 . 2014-09-04 17:50 -------- d-----w- c:\program files (x86)\trend micro
2014-08-31 17:48 . 2014-08-31 17:48 -------- d-----w- c:\users\Samsung\AppData\Roaming\AVAST Software
2014-08-31 17:46 . 2014-08-31 17:46 -------- d-----w- c:\program files\Google
2014-08-31 17:45 . 2014-08-31 17:47 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-31 17:45 . 2014-08-31 17:45 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-08-31 17:45 . 2014-08-31 17:45 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-31 17:45 . 2014-08-31 17:45 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-31 17:45 . 2014-08-31 17:45 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-31 17:45 . 2014-08-31 17:45 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-31 17:45 . 2014-08-31 17:45 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-31 17:45 . 2014-08-31 17:45 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-31 17:45 . 2014-08-31 17:45 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-31 17:45 . 2014-08-31 17:45 43152 ----a-w- c:\windows\avastSS.scr
2014-08-31 17:44 . 2014-08-31 17:44 -------- d-----w- c:\program files\AVAST Software
2014-08-31 17:43 . 2014-08-31 17:44 -------- d-----w- c:\programdata\AVAST Software
2014-08-31 06:46 . 2014-08-31 06:46 687 ----a-w- C:\awh6A94.tmp
2014-08-30 15:27 . 2014-08-30 15:27 687 ----a-w- C:\awh8361.tmp
2014-08-30 14:23 . 2014-08-30 14:23 -------- d-----w- c:\users\Samsung\AppData\Roaming\pSUxcuyV
2014-08-30 14:13 . 2014-08-30 14:13 687 ----a-w- C:\awh89E7.tmp
2014-08-27 19:52 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 19:52 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-27 19:52 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-27 19:49 . 2014-08-27 19:49 687 ----a-w- C:\awhC995.tmp
2014-08-24 20:05 . 2014-08-24 20:05 687 ----a-w- C:\awh1026.tmp
2014-08-22 19:04 . 2014-08-22 19:04 687 ----a-w- C:\awh1BBA.tmp
2014-08-22 15:45 . 2014-08-22 15:45 687 ----a-w- C:\awhFC13.tmp
2014-08-19 16:23 . 2014-08-19 16:23 687 ----a-w- C:\awhC522.tmp
2014-08-19 07:49 . 2014-08-19 07:49 687 ----a-w- C:\awhAB1D.tmp
2014-08-18 09:07 . 2014-08-18 09:07 687 ----a-w- C:\awhC428.tmp
2014-08-17 16:11 . 2014-08-17 16:11 687 ----a-w- C:\awh2A0C.tmp
2014-08-17 09:28 . 2014-08-17 09:28 687 ----a-w- C:\awh71D5.tmp
2014-08-16 18:29 . 2014-08-16 18:29 687 ----a-w- C:\awh20A9.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-11 13:35 . 2012-02-12 09:41 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-15 16:17 . 2014-08-15 16:17 687 ----a-w- C:\awhBBF4.tmp
2014-08-05 07:20 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-28 12:52 . 2014-07-28 12:52 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-07-28 12:52 . 2014-07-28 12:52 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 15:14 . 2014-07-22 15:14 6010880 ----a-w- c:\program files (x86)\GUT376F.tmp
2014-07-16 03:23 . 2014-08-13 17:40 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-13 17:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-13 17:41 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 17:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 17:40 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 17:40 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 17:40 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 17:40 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 17:40 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 17:40 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 17:40 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24 . 2014-08-13 18:29 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 18:29 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-13 17:40 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-06-18 02:18 . 2014-07-09 18:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 18:18 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files (x86)\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"WebcamMaxAutoRun"="c:\program files (x86)\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-31 4085896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:18d5a07c /wow /dir:C:\Program
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-10 18:26 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 18:26]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 18:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-31 17:45 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-08 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-08 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-08 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-08 11660904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
uCustomizeSearch = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Upload to Facebook - c:\program files (x86)\WebcamMax\share\iecontext.htm
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{437DF307-EDD5-4A7C-B798-169505122258}: NameServer = 10.168.38.53
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{41545534-2D56-3700-76A7-7A786E7484D7} - (no file)
BHO-{bfc39e47-d643-4dc2-aa1d-61377501c844} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
Celkový čas: 2014-09-15 19:57:39
ComboFix-quarantined-files.txt 2014-09-15 17:57
ComboFix2.txt 2014-09-01 10:04
.
Před spuštěním: 5 088 788 480
Po spuštění: 5 535 842 304
.
- - End Of File - - 2A581B090DF6356F0CB49D410BB8D301

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Chrome cannot be started

#25 Post by Márty84 »

:arrow: Permanently disable Windows Defender

:arrow: Post a new RSIT log
If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Holicz
Visitor
Posts: 29
Registered: 12 Dec 2012 19:06

Re: Chrome cannot be started

#26 Post by Holicz »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Samsung at 2014-09-23 20:15:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 3 GB (1%) free of 237 GB
Total RAM: 3893 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:15:39, on 23.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Samsung\Downloads\RSIT (1).exe
C:\Program Files (x86)\trend micro\Samsung.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Ask Toolbar BHO - {41545534-2D56-3700-76A7-7A786E7484D7} - (no file)
O2 - BHO: Lišta Centrum.cz - {5D9C17C6-093D-43E5-BF3D-4A13D162AB74} - C:\PROGRA~2\CENTRU~1.O\LITACE~1.CZ\cenbho32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{437DF307-EDD5-4A7C-B798-169505122258}: NameServer = 10.168.38.53
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11585 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D9C17C6-093D-43E5-BF3D-4A13D162AB74}]
Lišta Centrum.cz - C:\PROGRA~2\CENTRU~1.O\LITACE~1.CZ\cenbho32.dll [2011-11-24 265680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-08 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-31 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-31 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2014-02-20 669504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-31 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2011-12-12 103896]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-31 43816]
""= []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-31 4085896]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-09-01 152392]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"WebcamMaxAutoRun"=C:\Program Files (x86)\WebcamMax\wcmmon.exe [2011-07-17 1038848]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2013-11-20 59720]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-11-20 59720]
"AppleIEDAV"=C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [2013-11-15 1326408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.DIVX"=divx.dll
"msacm.lameacm"=lameACM.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-09-22 19:30:41 ----ASH---- C:\pagefile.sys
2014-09-17 20:50:31 ----D---- C:\Users\Samsung\AppData\Roaming\AVG
2014-09-17 20:50:24 ----D---- C:\Program Files (x86)\AVG
2014-09-17 20:50:14 ----D---- C:\ProgramData\AVG
2014-09-17 20:49:54 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-09-17 20:49:38 ----D---- C:\Users\Samsung\AppData\Roaming\RHEng
2014-09-17 20:49:35 ----D---- C:\Users\Samsung\AppData\Roaming\OpenCandy
2014-09-17 20:49:35 ----D---- C:\Program Files (x86)\DVDVideoSoft
2014-09-17 20:49:35 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2014-09-15 19:57:45 ----SHD---- C:\$RECYCLE.BIN
2014-09-15 19:57:40 ----A---- C:\ComboFix.txt
2014-09-15 19:42:21 ----A---- C:\Windows\NIRCMD.exe
2014-09-15 19:42:15 ----D---- C:\ComboFix
2014-09-13 11:44:35 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 15:41:22 ----A---- C:\Windows\SysWOW64\ieui.dll
2014-09-11 15:41:20 ----A---- C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 15:41:19 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 15:41:19 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 15:41:18 ----A---- C:\Windows\SysWOW64\vbscript.dll
2014-09-11 15:41:18 ----A---- C:\Windows\SysWOW64\msrating.dll
2014-09-11 15:41:18 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 15:41:18 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SysWOW64\iesetup.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SysWOW64\iernonce.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 15:41:16 ----A---- C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 15:41:16 ----A---- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 15:41:15 ----A---- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 15:41:15 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 15:41:14 ----A---- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 15:41:11 ----A---- C:\Windows\SysWOW64\iertutil.dll
2014-09-11 15:41:10 ----A---- C:\Windows\SysWOW64\wininet.dll
2014-09-11 15:41:09 ----A---- C:\Windows\SysWOW64\urlmon.dll
2014-09-11 15:41:09 ----A---- C:\Windows\SysWOW64\jscript9.dll
2014-09-11 15:41:07 ----A---- C:\Windows\SysWOW64\mshtml.dll
2014-09-11 15:41:06 ----A---- C:\Windows\SysWOW64\ieframe.dll
2014-09-10 14:29:51 ----A---- C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:29:40 ----A---- C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 13:04:06 ----A---- C:\Windows\SysWOW64\kerberos.dll
2014-09-10 13:04:04 ----A---- C:\Windows\SysWOW64\sspicli.dll
2014-09-10 13:04:04 ----A---- C:\Windows\SysWOW64\secur32.dll
2014-09-10 13:03:26 ----A---- C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-04 19:50:00 ----D---- C:\Program Files (x86)\trend micro
2014-09-01 10:19:16 ----D---- C:\ComboFixtext
2014-08-31 19:48:17 ----D---- C:\Users\Samsung\AppData\Roaming\AVAST Software
2014-08-31 19:46:33 ----D---- C:\ProgramData\Google
2014-08-31 19:45:24 ----A---- C:\Windows\avastSS.scr
2014-08-31 19:43:36 ----D---- C:\ProgramData\AVAST Software
2014-08-31 08:46:56 ----A---- C:\awh6A94.tmp
2014-08-30 17:27:27 ----A---- C:\awh8361.tmp
2014-08-30 16:23:52 ----D---- C:\Users\Samsung\AppData\Roaming\pSUxcuyV
2014-08-30 16:13:30 ----A---- C:\awh89E7.tmp
2014-08-27 21:52:38 ----A---- C:\Windows\SysWOW64\gdi32.dll
2014-08-27 21:49:08 ----A---- C:\awhC995.tmp
2014-08-24 22:05:19 ----A---- C:\awh1026.tmp

======List of files/folders modified in the last 1 month======

2014-09-23 20:15:12 ----D---- C:\Windows\Prefetch
2014-09-23 20:14:54 ----D---- C:\rsit
2014-09-23 20:03:42 ----D---- C:\Windows\temp
2014-09-23 18:12:01 ----AD---- C:\ProgramData\Temp
2014-09-23 15:54:38 ----SHD---- C:\System Volume Information
2014-09-23 15:49:19 ----A---- C:\Windows\SysWOW64\log.txt
2014-09-22 22:47:04 ----D---- C:\Users\Samsung\AppData\Roaming\Nitro PDF
2014-09-22 21:43:05 ----D---- C:\Windows\System32
2014-09-22 21:43:05 ----D---- C:\Windows\inf
2014-09-22 15:33:25 ----SHD---- C:\Windows\Installer
2014-09-22 15:33:25 ----D---- C:\Config.Msi
2014-09-22 15:32:47 ----D---- C:\Windows\SysWOW64
2014-09-21 23:26:17 ----D---- C:\Users\Samsung\AppData\Roaming\Skype
2014-09-21 16:35:31 ----SD---- C:\Users\Samsung\AppData\Roaming\Microsoft
2014-09-17 20:50:24 ----RD---- C:\Program Files (x86)
2014-09-17 20:50:14 ----D---- C:\ProgramData
2014-09-17 20:49:59 ----D---- C:\Windows
2014-09-17 20:49:40 ----RSD---- C:\Windows\assembly
2014-09-17 20:49:35 ----D---- C:\Users\Samsung\AppData\Roaming\DVDVideoSoft
2014-09-17 20:49:35 ----D---- C:\Program Files (x86)\Common Files
2014-09-15 22:43:51 ----D---- C:\Users\Samsung\AppData\Roaming\Media Player Classic
2014-09-15 22:42:00 ----D---- C:\Users\Samsung\AppData\Roaming\vlc
2014-09-15 19:57:42 ----D---- C:\Qoobox
2014-09-15 19:56:24 ----D---- C:\Windows\Tasks
2014-09-15 19:55:06 ----A---- C:\Windows\system.ini
2014-09-15 19:51:14 ----D---- C:\Windows\SysWOW64\drivers
2014-09-15 19:51:14 ----D---- C:\Windows\AppPatch
2014-09-13 11:46:43 ----D---- C:\Program Files (x86)\iTunes
2014-09-13 11:44:37 ----RD---- C:\Program Files
2014-09-13 11:44:35 ----D---- C:\Program Files (x86)\Common Files\Apple
2014-09-11 22:14:57 ----D---- C:\Windows\winsxs
2014-09-11 19:46:49 ----D---- C:\Windows\ShellNew
2014-09-11 16:26:20 ----D---- C:\Windows\Microsoft.NET
2014-09-11 16:04:36 ----D---- C:\Windows\SysWOW64\en-US
2014-09-11 16:04:36 ----D---- C:\Windows\SysWOW64\cs-CZ
2014-09-11 16:04:36 ----D---- C:\Program Files (x86)\Internet Explorer
2014-09-11 15:48:38 ----D---- C:\ProgramData\Microsoft Help
2014-09-11 15:39:47 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 15:40:36 ----D---- C:\AdwCleaner
2014-09-10 15:34:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-09-10 15:34:40 ----D---- C:\ProgramData\ICQ
2014-09-09 17:42:41 ----D---- C:\Program Files (x86)\WinRAR
2014-09-09 17:42:41 ----D---- C:\Program Files (x86)\Rayman Origins CZ
2014-09-09 17:42:41 ----D---- C:\Program Files (x86)\MediaCoder
2014-09-09 17:42:41 ----D---- C:\Program Files (x86)\atube
2014-09-07 18:28:45 ----A---- C:\Windows\ntbtlog.txt
2014-09-01 11:34:48 ----D---- C:\Windows\ERDNT
2014-09-01 10:14:06 ----D---- C:\Users\Samsung\AppData\Roaming\uTorrent
2014-09-01 09:46:18 ----D---- C:\Users\Samsung\AppData\Roaming\Seznam.cz
2014-08-31 20:35:41 ----D---- C:\ProgramData\ProductData
2014-08-31 19:46:44 ----D---- C:\Program Files (x86)\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\SysWOW64\drivers\aswRvrt.sys []
R0 aswVmm;avast! VM Monitor; C:\Windows\SysWOW64\drivers\aswVmm.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys []
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\Windows\system32\Drivers\SABI.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys []
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys []
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys []
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys []
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys []
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-02-10 14112]
R3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
R3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-08-28 43336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-31 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-10-22 953632]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-08 325656]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-04-11 204304]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2012-02-08 244904]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2014-03-22 2183992]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 2533400]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-09-01 640840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-31 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe /V []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Chrome cannot be launched

#27 Post by Márty84 »

You have a 64-bit system, so post a log from this RSIT: http://images.malwareremoval.com/random/RSITx64.exe
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Holicz
Visitor
Posts: 29
Registered: 12 Dec 2012 19:06

Re: Chrome cannot be launched

#28 Post by Holicz »

Sorry.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Samsung at 2014-09-24 20:31:15
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 2 GB (1%) free of 237 GB
Total RAM: 3893 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:31:19, on 24.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Samsung.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Ask Toolbar BHO - {41545534-2D56-3700-76A7-7A786E7484D7} - (no file)
O2 - BHO: Lišta Centrum.cz - {5D9C17C6-093D-43E5-BF3D-4A13D162AB74} - C:\PROGRA~2\CENTRU~1.O\LITACE~1.CZ\cenbho32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files (x86)\WebcamMax\wcmmon.exe" -a
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{437DF307-EDD5-4A7C-B798-169505122258}: NameServer = 10.168.38.53
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11445 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 3964592
\??\C:\Windows\system32\conhost.exe "-1948086707-52038345410205262671710766496-1016814160-886918859-36626701-1848388608
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe"
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f7cb030f-abd4-46be-a1f6-3b22b40f394a -SystemEventPortName:HostProcess-1a3794eb-023b-41ee-8742-4c975271e5a2 -IoCancelEventPortName:HostProcess-37aba72b-a500-44c9-82f4-6f8b37328713 -NonStateChangingEventPortName:HostProcess-9d8827f6-bdc5-47a5-a7b8-eae7aa1f5411 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f3841fb4-8b7b-4a47-9a13-b1a4a87685dc -DeviceGroupId:
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe" /TUStart /pid:2148
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe" -Embedding
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe"
\??\C:\Windows\system32\conhost.exe "-108325957782424571-1558903581857704109-518201392-5168406607515193191727299820
taskeng.exe {3FE90A7B-A5A4-4782-AA35-9A72495EA049}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe" /h
"C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe" hide
"C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe"
\??\C:\Windows\system32\conhost.exe "-1358361820-622489457321626962119834541-18979723091457027884292653925593023358
"C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6088 CREDAT:275457 /prefetch:2
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6088 CREDAT:603210 /prefetch:2
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3797774814-3512501664-542543864-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3797774814-3512501664-542543864-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6088 CREDAT:734265 /prefetch:2
taskeng.exe {B8F6BFDD-278B-466B-9B59-AC7DB7DB70AA}
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Samsung\Downloads\RSITx64 (2).exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-31 612248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-08-31 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D9C17C6-093D-43E5-BF3D-4A13D162AB74}]
Lišta Centrum.cz - C:\PROGRA~2\CENTRU~1.O\LITACE~1.CZ\cenbho32.dll [2011-11-24 265680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-08 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-31 457712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-31 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2014-02-20 669504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-08 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-08-31 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-08-31 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-02-08 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-02-08 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-02-08 415256]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-02-08 11660904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-02-08 2149160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [2009-03-28 3325952]
"WebcamMaxAutoRun"=C:\Program Files (x86)\WebcamMax\wcmmon.exe [2011-07-17 1038848]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2013-11-20 59720]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-11-20 59720]
"AppleIEDAV"=C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [2013-11-15 1326408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2011-12-12 103896]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-31 43816]
""= []
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-31 4085896]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-09-01 152392]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-02-08 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-09-24 13:53:40 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-09-24 13:53:40 ----A---- C:\Windows\system32\tzres.dll
2014-09-22 19:30:41 ----ASH---- C:\pagefile.sys
2014-09-17 20:50:31 ----D---- C:\Users\Samsung\AppData\Roaming\AVG
2014-09-17 20:50:24 ----D---- C:\Program Files (x86)\AVG
2014-09-17 20:50:14 ----D---- C:\ProgramData\AVG
2014-09-17 20:49:54 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-09-17 20:49:38 ----D---- C:\Users\Samsung\AppData\Roaming\RHEng
2014-09-17 20:49:35 ----D---- C:\Users\Samsung\AppData\Roaming\OpenCandy
2014-09-17 20:49:35 ----D---- C:\Program Files (x86)\DVDVideoSoft
2014-09-15 19:57:45 ----SHD---- C:\$RECYCLE.BIN
2014-09-15 19:57:40 ----A---- C:\ComboFix.txt
2014-09-15 19:42:21 ----A---- C:\Windows\NIRCMD.exe
2014-09-15 19:42:15 ----D---- C:\ComboFix
2014-09-13 11:44:37 ----D---- C:\Program Files\iPod
2014-09-13 11:44:35 ----D---- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 11:44:34 ----D---- C:\Program Files\iTunes
2014-09-11 15:41:22 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-09-11 15:41:22 ----A---- C:\Windows\system32\ieui.dll
2014-09-11 15:41:20 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-09-11 15:41:20 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-09-11 15:41:20 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 15:41:20 ----A---- C:\Windows\system32\iernonce.dll
2014-09-11 15:41:19 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-09-11 15:41:19 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-09-11 15:41:19 ----A---- C:\Windows\system32\jscript9diag.dll
2014-09-11 15:41:19 ----A---- C:\Windows\system32\ieUnatt.exe
2014-09-11 15:41:19 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 15:41:19 ----A---- C:\Windows\system32\dxtrans.dll
2014-09-11 15:41:19 ----A---- C:\Windows\system32\dxtmsft.dll
2014-09-11 15:41:18 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-09-11 15:41:18 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-09-11 15:41:18 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-09-11 15:41:18 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-09-11 15:41:18 ----A---- C:\Windows\system32\vbscript.dll
2014-09-11 15:41:18 ----A---- C:\Windows\system32\msrating.dll
2014-09-11 15:41:18 ----A---- C:\Windows\system32\mshtmled.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-09-11 15:41:17 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-09-11 15:41:17 ----A---- C:\Windows\system32\msfeeds.dll
2014-09-11 15:41:17 ----A---- C:\Windows\system32\jsproxy.dll
2014-09-11 15:41:17 ----A---- C:\Windows\system32\iesetup.dll
2014-09-11 15:41:17 ----A---- C:\Windows\system32\iedkcs32.dll
2014-09-11 15:41:17 ----A---- C:\Windows\system32\ie4uinit.exe
2014-09-11 15:41:16 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-09-11 15:41:16 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-09-11 15:41:15 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-09-11 15:41:15 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-09-11 15:41:15 ----A---- C:\Windows\system32\mshtml.dll
2014-09-11 15:41:14 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-09-11 15:41:14 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 15:41:14 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-09-11 15:41:14 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-09-11 15:41:14 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-09-11 15:41:14 ----A---- C:\Windows\system32\ieapfltr.dll
2014-09-11 15:41:11 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-09-11 15:41:11 ----A---- C:\Windows\system32\wininet.dll
2014-09-11 15:41:11 ----A---- C:\Windows\system32\iertutil.dll
2014-09-11 15:41:10 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-09-11 15:41:10 ----A---- C:\Windows\system32\jscript9.dll
2014-09-11 15:41:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-09-11 15:41:09 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-09-11 15:41:09 ----A---- C:\Windows\system32\urlmon.dll
2014-09-11 15:41:07 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-09-11 15:41:07 ----A---- C:\Windows\system32\ieframe.dll
2014-09-11 15:41:06 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-09-10 14:29:51 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-09-10 14:29:51 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:29:40 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-09-10 14:29:40 ----A---- C:\Windows\system32\d3d10warp.dll
2014-09-10 13:04:06 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-09-10 13:04:06 ----A---- C:\Windows\system32\kerberos.dll
2014-09-10 13:04:05 ----A---- C:\Windows\system32\lsasrv.dll
2014-09-10 13:04:04 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-09-10 13:04:04 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-09-10 13:03:44 ----A---- C:\Windows\system32\aepdu.dll
2014-09-10 13:03:42 ----A---- C:\Windows\system32\aeinv.dll
2014-09-10 13:03:26 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2014-09-10 13:03:26 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2014-09-04 19:50:00 ----D---- C:\Program Files (x86)\trend micro
2014-09-01 10:19:16 ----D---- C:\ComboFixtext
2014-08-31 19:48:17 ----D---- C:\Users\Samsung\AppData\Roaming\AVAST Software
2014-08-31 19:46:44 ----D---- C:\Program Files\Google
2014-08-31 19:46:33 ----D---- C:\ProgramData\Google
2014-08-31 19:45:44 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-08-31 19:45:44 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-08-31 19:45:44 ----A---- C:\Windows\system32\drivers\aswsp.sys
2014-08-31 19:45:44 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-08-31 19:45:44 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-08-31 19:45:44 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-08-31 19:45:44 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-08-31 19:45:44 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-08-31 19:45:41 ----A---- C:\Windows\system32\aswBoot.exe
2014-08-31 19:45:24 ----A---- C:\Windows\avastSS.scr
2014-08-31 19:44:42 ----D---- C:\Program Files\AVAST Software
2014-08-31 19:43:36 ----D---- C:\ProgramData\AVAST Software
2014-08-31 08:46:56 ----A---- C:\awh6A94.tmp
2014-08-30 17:27:27 ----A---- C:\awh8361.tmp
2014-08-30 16:23:52 ----D---- C:\Users\Samsung\AppData\Roaming\pSUxcuyV
2014-08-30 16:13:30 ----A---- C:\awh89E7.tmp
2014-08-27 21:52:39 ----A---- C:\Windows\system32\win32k.sys
2014-08-27 21:52:38 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-27 21:52:38 ----A---- C:\Windows\system32\gdi32.dll
2014-08-27 21:49:08 ----A---- C:\awhC995.tmp

======List of files/folders modified in the last 1 month======

2014-09-24 20:31:19 ----D---- C:\Windows\Prefetch
2014-09-24 20:31:17 ----D---- C:\Program Files\trend micro
2014-09-24 20:26:55 ----D---- C:\Windows\temp
2014-09-24 15:56:01 ----D---- C:\Windows\system32\config
2014-09-24 15:42:38 ----A---- C:\Windows\SYSWOW64\log.txt
2014-09-24 14:17:30 ----D---- C:\Windows\winsxs
2014-09-24 14:17:23 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-09-24 14:17:23 ----D---- C:\Windows\SysWOW64
2014-09-24 14:17:21 ----D---- C:\Windows\system32\cs-CZ
2014-09-24 14:17:21 ----D---- C:\Windows\System32
2014-09-24 14:16:56 ----SHD---- C:\System Volume Information
2014-09-24 14:12:01 ----AD---- C:\ProgramData\Temp
2014-09-24 13:51:22 ----D---- C:\Windows\system32\catroot2
2014-09-24 13:51:22 ----D---- C:\Windows\system32\catroot
2014-09-23 20:14:54 ----D---- C:\rsit
2014-09-22 22:47:04 ----D---- C:\Users\Samsung\AppData\Roaming\Nitro PDF
2014-09-22 21:43:05 ----D---- C:\Windows\inf
2014-09-22 21:43:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-22 15:33:25 ----SHD---- C:\Windows\Installer
2014-09-22 15:33:25 ----D---- C:\Config.Msi
2014-09-21 23:26:17 ----D---- C:\Users\Samsung\AppData\Roaming\Skype
2014-09-21 16:35:31 ----SD---- C:\Users\Samsung\AppData\Roaming\Microsoft
2014-09-17 20:50:24 ----RD---- C:\Program Files (x86)
2014-09-17 20:50:14 ----D---- C:\ProgramData
2014-09-17 20:49:59 ----D---- C:\Windows
2014-09-17 20:49:40 ----RSD---- C:\Windows\assembly
2014-09-17 20:49:35 ----D---- C:\Users\Samsung\AppData\Roaming\DVDVideoSoft
2014-09-17 20:49:35 ----D---- C:\Program Files (x86)\Common Files
2014-09-15 22:43:51 ----D---- C:\Users\Samsung\AppData\Roaming\Media Player Classic
2014-09-15 22:42:00 ----D---- C:\Users\Samsung\AppData\Roaming\vlc
2014-09-15 19:57:42 ----D---- C:\Qoobox
2014-09-15 19:56:25 ----D---- C:\Windows\system32\Tasks
2014-09-15 19:56:24 ----D---- C:\Windows\Tasks
2014-09-15 19:55:06 ----A---- C:\Windows\system.ini
2014-09-15 19:51:14 ----D---- C:\Windows\SYSWOW64\drivers
2014-09-15 19:51:14 ----D---- C:\Windows\AppPatch
2014-09-15 19:42:12 ----D---- C:\Windows\system32\drivers
2014-09-15 09:06:02 ----N---- C:\Windows\system32\MpSigStub.exe
2014-09-13 11:46:43 ----D---- C:\Program Files (x86)\iTunes
2014-09-13 11:44:37 ----RD---- C:\Program Files
2014-09-13 11:34:10 ----D---- C:\Windows\system32\DriverStore
2014-09-11 19:46:49 ----D---- C:\Windows\ShellNew
2014-09-11 16:26:20 ----D---- C:\Windows\Microsoft.NET
2014-09-11 16:04:36 ----D---- C:\Windows\SYSWOW64\en-US
2014-09-11 16:04:36 ----D---- C:\Windows\system32\en-US
2014-09-11 16:04:36 ----D---- C:\Program Files\Internet Explorer
2014-09-11 16:04:36 ----D---- C:\Program Files (x86)\Internet Explorer
2014-09-11 15:48:38 ----D---- C:\ProgramData\Microsoft Help
2014-09-11 15:39:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-09-11 15:38:28 ----D---- C:\Windows\system32\MRT
2014-09-11 15:35:29 ----A---- C:\Windows\system32\MRT.exe
2014-09-11 15:33:59 ----SD---- C:\Windows\system32\CompatTel
2014-09-10 15:40:36 ----D---- C:\AdwCleaner
2014-09-10 15:34:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-09-10 15:34:40 ----D---- C:\ProgramData\ICQ
2014-09-09 17:42:41 ----D---- C:\Program Files (x86)\WinRAR
2014-09-09 17:42:41 ----D---- C:\Program Files (x86)\Rayman Origins CZ
2014-09-09 17:42:41 ----D---- C:\Program Files (x86)\MediaCoder
2014-09-09 17:42:41 ----D---- C:\Program Files (x86)\atube
2014-09-07 18:28:45 ----A---- C:\Windows\ntbtlog.txt
2014-09-01 11:59:45 ----D---- C:\Windows\system32\drivers\etc
2014-09-01 11:34:48 ----D---- C:\Windows\ERDNT
2014-09-01 10:14:06 ----D---- C:\Users\Samsung\AppData\Roaming\uTorrent
2014-09-01 09:46:18 ----D---- C:\Users\Samsung\AppData\Roaming\Seznam.cz
2014-08-31 20:35:41 ----D---- C:\ProgramData\ProductData
2014-08-31 19:46:44 ----D---- C:\Program Files (x86)\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-08-31 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-08-31 224896]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-04-27 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-08-31 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-08-31 1041168]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-08-31 427360]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\Windows\system32\Drivers\SABI.sys [2009-05-28 13824]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-08-31 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-08-31 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-08-31 92008]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2012-02-08 3065408]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2012-02-08 348712]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-02-08 106536]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2012-02-08 138280]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2012-02-08 39464]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-02-08 21416]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2012-02-08 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-02-08 10611552]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2012-02-08 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-02-08 2647528]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-02-08 289280]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-02-08 409192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-02-08 1377840]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-02-10 14112]
R3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2014-07-28 54784]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
R3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder\SysInfoX64.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2013-07-25 23040]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-11-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2013-11-23 30208]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-04 64704]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-08-28 43336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-08-31 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-10-22 953632]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-08 325656]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-04-11 204304]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2012-02-08 244904]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2014-03-22 2183992]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 2533400]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-09-01 640840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-10 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-08-31 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-08-19 111616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-12 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Chrome cannot be started

#29 Post by Márty84 »

Free up some space on the disk.


If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Otevrit normalne (Open normally).
Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Spustit jako spravce (Run as administrator).
Tick the checkboxes Pro všechny uživatele (For all users), Kontrola na havěť "LOP" ("LOP" malware check) and Kontrola na havěť "Purity" ("Purity" malware check).
Paste the following text into the bottom window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Prohledat (Scan).
After the scan, two logs are created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Holicz
Visitor
Posts: 29
Registered: 12 Dec 2012 19:06

Re: Chrome cannot be started

#30 Post by Holicz »

OTL 1/2:

OTL logfile created on: 25.9.2014 17:08:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Samsung\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,80 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 56,19% Memory free
7,60 Gb Paging File | 5,77 Gb Available in Paging File | 75,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,00 Gb Total Space | 33,10 Gb Free Space | 14,33% Space Free | Partition Type: NTFS
Drive D: | 343,92 Gb Total Space | 20,08 Gb Free Space | 5,84% Space Free | Partition Type: NTFS

Computer Name: SAMSUNG-PC | User Name: Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.09.25 17:05:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samsung\Desktop\OTL.exe
PRC - [2014.09.04 14:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.08.31 19:47:02 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014.08.31 19:45:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.08.28 11:06:02 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2014.07.29 14:24:46 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2014.01.10 07:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.11.20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013.11.20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2013.11.20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013.11.15 13:01:12 | 001,326,408 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2013.09.14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2012.02.08 14:18:34 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.08 14:18:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.12.12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011.12.12 14:06:58 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010.11.28 20:44:42 | 000,943,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010.11.28 18:09:40 | 007,053,168 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
PRC - [2010.11.17 18:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010.11.10 02:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010.10.22 19:58:34 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.11.02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2014.08.31 19:45:22 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014.08.31 19:45:19 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014.01.20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014.01.20 14:16:40 | 000,237,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2014.01.20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014.01.10 07:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014.01.10 07:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013.09.14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013.09.14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2010.05.08 00:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009.11.02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.08.31 19:45:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014.08.19 00:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012.04.11 22:55:32 | 000,204,304 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010.10.22 19:58:34 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2014.09.04 14:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.03.22 22:09:22 | 002,183,992 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.02.08 14:18:34 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.08 14:18:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.08.31 19:47:00 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014.08.31 19:45:28 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014.08.31 19:45:28 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014.08.31 19:45:28 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014.08.31 19:45:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014.08.31 19:45:27 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014.08.31 19:45:27 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014.08.31 19:45:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014.07.28 14:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013.11.23 16:16:59 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.11.23 16:16:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013.11.23 16:16:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.07.25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.08 14:20:37 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.02.08 14:20:25 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.02.08 14:20:25 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.02.08 14:20:25 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.02.08 14:20:24 | 000,348,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012.02.08 14:20:24 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.02.08 14:19:48 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.02.08 14:19:37 | 000,409,192 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.02.08 14:18:08 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012.02.08 14:17:47 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.02.08 14:17:47 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2012.02.08 14:17:34 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.17 10:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.10 02:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.04.27 17:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 16:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2014.02.10 12:06:30 | 000,014,112 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes,DefaultScope = {ACC65717-B225-4E7B-822C-7A5B4D403D9B}
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{1A30C4F0-BF45-4EF6-BB9B-54759C49D254}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{33D08916-F630-4CD3-8477-6D6A44467FB6}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{3FB982C0-9199-4C9F-87B7-16F8B7D40330}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{49F2ECCA-DA53-4FCA-9C48-A986F9709F69}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{4EBF26D8-1EDD-4568-8BEC-9AD15EA5BD1C}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{5A17898D-8617-4A67-843C-54725D1F4ED6}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{73A7CDDE-EA3A-4EB2-9E93-4B39D90E1413}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{7D17E3D2-873A-486B-824C-BEAAA72DF37B}: "URL" = http://websearch.ask.com/redirect?clien ... 6E04E037B8
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{8B83DACE-EBCC-4FF5-A4EA-0B0685360EDC}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{9C7481F4-1109-4C18-9125-2BBA97006FAE}: "URL" = http://searchatlas.centrum.cz/?q={searc ... =searchbox
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{ACC65717-B225-4E7B-822C-7A5B4D403D9B}: "URL" = https://search.yahoo.com/search?fr=chr- ... earchTerms}
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\{D4CF0EE3-C0D7-4F72-BF0A-32FE52C4CC5F}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_16194
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..\SearchScopes\search13: "URL" = http://search13.net/search.php?q={searchTerms}
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.08.31 19:45:37 | 000,000,000 | ---D | M]

[2012.08.19 14:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\BETTERSURF\BETTERSURFPLUS\FF

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: https://www.seznam.cz/?clid=22668
CHR - plugin: Error reading preferences file

O1 HOSTS File: ([2014.09.01 11:59:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {41545534-2D56-3700-76A7-7A786E7484D7} - No CLSID value found.
O2 - BHO: (Lišta Centrum.cz) - {5D9C17C6-093D-43E5-BF3D-4A13D162AB74} - C:\Program Files (x86)\Centrum Holdings s.r.o\Lišta Centrum.cz\cenbho32.dll (Centrum Holdings s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (no name) - {bfc39e47-d643-4dc2-aa1d-61377501c844} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000..\Run: [WebcamMaxAutoRun] C:\Program Files (x86)\WebcamMax\wcmmon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Upload to Facebook - C:\Program Files (x86)\WebcamMax\share\iecontext.htm File not found
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3797774814-3512501664-542543864-1000\..Trusted Domains: localhost ([]http in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.37 213.46.172.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{437DF307-EDD5-4A7C-B798-169505122258}: NameServer = 10.168.38.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF6B10F-C5E4-4A42-8003-C77E18382716}: DhcpNameServer = 192.168.1.1 194.228.41.65 194.228.41.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59FAA54D-F3BB-4A96-8308-B6DCB3B9F0ED}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1CD947-F8C0-47B8-B46D-3AC9AE1E17EC}: DhcpNameServer = 213.46.172.37 213.46.172.36
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:18d5a07c /wow /dir:C:\Program)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.09.25 17:05:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Samsung\Desktop\OTL.exe
[2014.09.17 20:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
[2014.09.17 20:50:31 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\AVG
[2014.09.17 20:50:31 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Local\AVG
[2014.09.17 20:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014.09.17 20:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2014.09.17 20:49:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014.09.17 20:49:38 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\RHEng
[2014.09.17 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\OpenCandy
[2014.09.17 20:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2014.09.17 20:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2014.09.15 19:57:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.09.15 19:42:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.09.15 19:42:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014.09.13 11:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014.09.13 11:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014.09.13 11:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014.09.13 11:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014.09.11 15:41:22 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.09.11 15:41:22 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.09.11 15:41:20 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.09.11 15:41:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.09.11 15:41:20 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.09.11 15:41:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.09.11 15:41:19 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.09.11 15:41:19 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.09.11 15:41:19 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.09.11 15:41:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.09.11 15:41:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.09.11 15:41:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.09.11 15:41:18 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.09.11 15:41:18 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.09.11 15:41:18 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.09.11 15:41:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.09.11 15:41:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.09.11 15:41:17 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.09.11 15:41:17 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.09.11 15:41:17 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.09.11 15:41:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.09.11 15:41:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.09.11 15:41:16 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.09.11 15:41:16 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.09.11 15:41:15 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.09.11 15:41:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.09.11 15:41:14 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.09.11 15:41:14 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.09.11 15:41:14 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.09.11 15:41:14 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.09.11 15:41:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.09.11 15:41:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.09.11 15:41:10 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.09.11 15:41:09 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.09.11 15:41:08 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.09.10 14:29:51 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014.09.10 14:29:51 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014.09.10 14:29:40 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.09.10 13:04:05 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014.09.10 13:03:44 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.09.10 13:03:42 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.09.10 13:03:26 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014.09.10 13:03:26 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014.09.04 19:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2014.09.01 10:19:16 | 000,000,000 | ---D | C] -- C:\ComboFixtext
[2014.08.31 19:48:17 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\AVAST Software
[2014.08.31 19:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014.08.31 19:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014.08.31 19:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014.08.31 19:45:44 | 001,041,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014.08.31 19:45:44 | 000,427,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014.08.31 19:45:44 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014.08.31 19:45:44 | 000,092,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014.08.31 19:45:44 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014.08.31 19:45:41 | 000,307,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014.08.31 19:45:24 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.08.31 19:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014.08.31 19:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014.08.30 16:23:52 | 000,000,000 | ---D | C] -- C:\Users\Samsung\AppData\Roaming\pSUxcuyV
[2014.08.27 21:52:38 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[14 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.09.25 17:11:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.09.25 17:05:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Samsung\Desktop\OTL.exe
[2014.09.25 16:31:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.09.25 15:55:09 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.09.25 15:55:09 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.09.25 15:48:09 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.09.25 15:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.09.25 15:47:06 | 4081,647,616 | -HS- | M] () -- C:\hiberfil.sys
[2014.09.22 21:43:05 | 001,593,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.09.22 21:43:05 | 000,672,424 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.09.22 21:43:05 | 000,657,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.09.22 21:43:05 | 000,142,988 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.09.22 21:43:05 | 000,123,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.09.17 20:50:16 | 000,001,532 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2014.09.15 21:52:08 | 000,000,000 | ---- | M] () -- C:\Users\Samsung\Desktop\Sia Chandelier (LYRIC VIDEO).mp3
[2014.09.15 19:41:37 | 005,579,386 | R--- | M] (Swearware) -- C:\Users\Samsung\Desktop\ComboFix.exe
[2014.09.14 13:03:19 | 000,000,000 | ---- | M] () -- C:\Users\Samsung\Desktop\TIEKS Sing That Song feat Celeste .mp3
[2014.09.14 12:56:18 | 000,000,000 | ---- | M] () -- C:\Users\Samsung\Desktop\Mike Posner Falling + Lyrics.mp3
[2014.09.11 15:39:47 | 001,568,960 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.09.10 15:31:10 | 001,370,467 | ---- | M] () -- C:\Users\Samsung\Desktop\adwcleaner_3.309.exe
[2014.09.05 04:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.09.05 04:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.09.01 11:59:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.08.31 19:47:00 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014.08.31 19:45:28 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014.08.31 19:45:28 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014.08.31 19:45:28 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014.08.31 19:45:27 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014.08.31 19:45:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014.08.31 19:45:27 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014.08.31 19:45:27 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014.08.31 19:45:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014.08.31 19:45:24 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014.08.30 17:21:46 | 000,419,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[14 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.09.25 17:11:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.09.17 20:50:57 | 000,002,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
[2014.09.17 20:50:16 | 000,001,532 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2014.09.15 21:52:08 | 000,000,000 | ---- | C] () -- C:\Users\Samsung\Desktop\Sia Chandelier (LYRIC VIDEO).mp3
[2014.09.14 13:03:19 | 000,000,000 | ---- | C] () -- C:\Users\Samsung\Desktop\TIEKS Sing That Song feat Celeste .mp3
[2014.09.14 12:56:18 | 000,000,000 | ---- | C] () -- C:\Users\Samsung\Desktop\Mike Posner Falling + Lyrics.mp3
[2014.09.10 15:31:10 | 001,370,467 | ---- | C] () -- C:\Users\Samsung\Desktop\adwcleaner_3.309.exe
[2014.08.31 19:45:44 | 000,224,896 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014.08.31 19:45:44 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014.08.31 19:45:44 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014.07.28 20:27:42 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.07.20 09:20:26 | 000,007,605 | ---- | C] () -- C:\Users\Samsung\AppData\Local\Resmon.ResmonCfg
[2014.06.19 22:23:37 | 000,000,024 | ---- | C] () -- C:\Users\Samsung\AppData\Roaming\temp.ini
[2013.09.19 18:04:12 | 000,000,181 | ---- | C] () -- C:\Users\Samsung\AppData\Roaming\WB.CFG
[2013.06.14 13:12:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.14 13:12:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.14 13:12:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.14 13:12:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.14 13:12:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.03 15:41:27 | 001,568,960 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.13 22:11:42 | 000,005,120 | -H-- | C] () -- C:\Users\Samsung\photothumb.db
[2012.03.31 20:13:25 | 000,031,232 | ---- | C] () -- C:\Users\Samsung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 04:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.05.10 16:17:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014.05.10 16:17:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014.08.31 19:48:17 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\AVAST Software
[2014.09.17 20:50:31 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\AVG
[2012.06.21 18:21:12 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Broad Intelligence
[2013.10.07 19:12:55 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\dll-files.com
[2014.09.17 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\DVDVideoSoft
[2013.10.11 17:41:55 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\ICQ
[2012.02.11 20:12:30 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\ICQ Search
[2013.11.23 16:03:41 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\IObit
[2013.08.02 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Nico Mak Computing
[2014.09.22 22:47:04 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Nitro PDF
[2012.02.11 20:37:34 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\ooVoo Details
[2014.09.17 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\OpenCandy
[2012.02.15 16:24:58 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\PhotoFiltre
[2012.07.10 21:08:54 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\PhotoScape
[2014.06.01 12:34:40 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\ProductData
[2014.08.30 16:23:52 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\pSUxcuyV
[2014.09.17 20:49:38 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\RHEng
[2012.12.09 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Rovio
[2014.09.01 09:46:18 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Seznam.cz
[2012.06.29 11:23:49 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Sony
[2013.08.12 13:24:14 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\TuneUp Software
[2014.09.01 10:14:06 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\uTorrent
[2012.12.10 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\WCMShare
[2012.04.23 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\WebcamMax

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,634 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014.08.10 20:26:26 | 000,000,950 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2014.08.10 20:26:27 | 000,000,954 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.21 05:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.21 05:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.21 05:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2012.06.02 06:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012.04.24 06:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010.11.21 05:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012.04.24 06:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2013.05.10 06:49:59 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=33ADF6E0853AB39EA1723BE82842C1D3 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[2013.05.13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=3897DFF247D9ED0006190349DE264E14 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[2013.07.09 16:47:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=434CCE8E7150CD1324C5FAA088D1D061 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[2012.04.24 07:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2013.10.05 04:25:30 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=509D31797A4B8A3D6ED78A330B19A919 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\ERDNT\cache64\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\SysNative\cryptsvc.dll
[2013.07.09 07:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=6B400F211BEE880A37A1ED0368776BF4 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[2013.07.09 15:57:37 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=6DB499DEFCC827317C5371164A7CDB27 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\ERDNT\cache86\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=7CA1BECEA5DE2643ADDAD32670E7A4C9 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[2012.06.04 09:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2013.05.10 07:49:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7FDC4626B01106A8EF328C88C7C0DEE3 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[2013.05.11 07:18:23 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=8122252F0A4ACFA92FA0C1D50D18493B -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2010.11.21 05:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2013.05.11 06:59:05 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=AC04D05309BB2C418D0D80B9FB014642 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[2012.04.24 07:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2013.05.10 07:18:53 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=CA13C4F92BEE66DB48E58AB3223DDF6E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[2013.05.13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=D8129C49798CBBFB2E4351D4B7B8EF9C -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[2013.05.10 07:06:21 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=E122AA1C9A3CC46FF9DDDE46E5EB0C58 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[2013.10.05 03:52:03 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=F2D9242C3BBD1C36467FCAE1AE01733F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.06.06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.21 05:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: IASTOR.SYS >
[2010.04.27 17:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.27 17:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\drivers\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\isapnp.sys

< MD5 for: LSASS.EXE >

< MD5 for: NDIS.SYS >

< MD5 for: NETLOGON.DLL >

< MD5 for: NVRAID.SYS >

< MD5 for: NVSTOR.SYS >

< MD5 for: SCECLI.DLL >

< MD5 for: SMSS.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: TCPIP.SYS >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< MD5 for: WS2_32.DLL >

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[17 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[12 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\eaa795cd64634c07dbf7097850badcd0\*.tmp files -> C:\Windows\SoftwareDistribution\Download\eaa795cd64634c07dbf7097850badcd0\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.02.08 15:01:03 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Adobe
[2013.10.13 14:11:41 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Apple Computer
[2014.08.31 19:48:17 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\AVAST Software
[2014.09.17 20:50:31 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\AVG
[2012.06.21 18:21:12 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Broad Intelligence
[2012.10.13 19:34:02 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\CyberLink
[2013.10.07 19:12:55 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\dll-files.com
[2012.08.05 15:17:05 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\dvdcss
[2014.09.17 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\DVDVideoSoft
[2013.10.11 17:41:55 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\ICQ
[2012.02.11 20:12:30 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\ICQ Search
[2012.02.08 13:07:44 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Identities
[2012.02.08 14:21:13 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\InstallShield
[2013.11.23 16:03:41 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\IObit
[2012.02.08 14:57:59 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Macromedia
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Media Center Programs
[2014.09.15 22:43:51 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Media Player Classic
[2014.09.21 16:35:31 | 000,000,000 | --SD | M] -- C:\Users\Samsung\AppData\Roaming\Microsoft
[2012.02.11 20:11:02 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Mozilla
[2013.08.02 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Nico Mak Computing
[2014.09.22 22:47:04 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Nitro PDF
[2012.02.11 20:37:34 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\ooVoo Details
[2014.09.17 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\OpenCandy
[2012.02.15 16:24:58 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\PhotoFiltre
[2012.07.10 21:08:54 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\PhotoScape
[2014.06.01 12:34:40 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\ProductData
[2014.08.30 16:23:52 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\pSUxcuyV
[2014.09.17 20:49:38 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\RHEng
[2012.12.09 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Rovio
[2014.09.01 09:46:18 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Seznam.cz
[2014.09.21 23:26:17 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Skype
[2012.06.29 11:23:49 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\Sony
[2013.08.12 13:24:14 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\TuneUp Software
[2014.09.01 10:14:06 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\uTorrent
[2014.09.15 22:42:00 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\vlc
[2012.12.10 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\WCMShare
[2012.04.23 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\WebcamMax
[2012.02.15 19:13:59 | 000,000,000 | ---D | M] -- C:\Users\Samsung\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014.06.01 12:33:32 | 000,588,608 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\IObit\IObit Uninstaller\Install_PintoStartMenutemp.exe
[2014.06.01 12:33:32 | 000,629,568 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\IObit\IObit Uninstaller\UninstallDisplaytemp.exe
[2014.02.28 14:25:32 | 002,130,720 | ---- | M] (IObit) -- C:\Users\Samsung\AppData\Roaming\IObit\IObit Uninstaller\UninstallPromotetemp.exe
[2012.02.26 16:05:52 | 000,010,134 | R--- | M] () -- C:\Users\Samsung\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2014.09.17 20:49:47 | 027,826,600 | ---- | M] (AVG) -- C:\Users\Samsung\AppData\Roaming\RHEng\1B0C40F24E2C41FA8621189901A2043E\AVG-PC-TuneUp2014-cz-CZ-p4v1.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Seznam.cz\sznsetup.exe
[2013.04.29 12:53:34 | 000,045,560 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
[2013.04.12 10:10:22 | 000,092,664 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe
[2013.04.16 13:52:34 | 000,055,808 | ---- | M] () -- C:\Users\Samsung\AppData\Roaming\Seznam.cz\data\ffinstall\ffkill.exe
[2011.12.19 11:04:28 | 000,020,480 | ---- | M] (Microsoft Corporation) --

Locked