nelze spustit aplikace + iexplore.exe - chyba aplikace

Zpráva

petran · #1 Příspěvek od **petran** » 28 pro 2014 23:11

Dobry den,

mohli by jste mi prosím poradit? Na noťasu (windows 7 64x) se mi začala objevovat chyba:
iexplore.exe - chyba aplikace. Instrukce na adrese 0x76460cb3 odkazovala na adresu paměti 0x00000008. S pamětí nelze provést operaci: read.

Nejdou spouštět skoro žádné aplikace. Nejde spustit Odinstalování programu v ovládacích panelech.

Stejný problém jsem našla v příspěvku: http://forum.viry.cz/viewtopic.php?f=13 ... 48&start=0
ale jak píšete v pravidlech, nechci spouštět uvedené utility.

Dekuju
Petra

RSIT (mohlo to vzniknout 25. - 26. 12.):
Logfile of random's system information tool 1.10 (written by random/random)
Run by petra at 2014-12-28 23:06:12
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 155 GB (65%) free of 239 GB
Total RAM: 3996 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:06:20, on 28.12.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\windows\SysWOW64\regsvr32.exe
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\petra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HTC Sync] "C:\Program Files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\petra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IPWsoft] C:\Windows\SysWOW64\regsvr32.exe C:\Users\petra\AppData\Local\ASworks\ndppydljdabngna.dll
O4 - HKCU\..\Run: [YpzPack] regsvr32.exe C:\Users\petra\AppData\Local\YpzPack\Gameshell.dll
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Citrix Access Gateway.lnk = C:\Program Files\Citrix\Secure Access Client\nsload.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: XMLSpy_EditWith_IESupport - C:\Program Files (x86)\Altova\XMLSpy2015\spy.htm
O9 - Extra button: XMLSpy_EditWith_IESupport - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2015\spy.htm
O9 - Extra 'Tools' menuitem: XMLSpy_EditWith_IESupport - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files (x86)\Altova\XMLSpy2015\spy.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Doplněk aplikace Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Doplněk aplikace Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Citrix Secure Access Client Service (nsverctl) - Citrix Systems, Inc - C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.10 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 21687 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe /pipeName=c2feea3f-0200-0000-fa6b-c31acfbb8365 /binaryPath="C:\Program Files (x86)\AVG\AVG2015\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe"
"C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" service
"C:\Program Files\Citrix\Secure Access Client\nsverctl.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe"
"C:\Program Files (x86)\AVG\AVG2015\avgemca.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
\??\C:\windows\system32\conhost.exe "-1721338093-18652169049060677511054898296207784086433048894-3359478281321087624
"C:\Program Files\Motorola\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
WLIDSvcM.exe 2504
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe"
C:\windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Windows\SysWOW64\regsvr32.exe" C:\Users\petra\AppData\Local\ASworks\ndppydljdabngna.dll
"C:\Windows\System32\regsvr32.exe" C:\Users\petra\AppData\Local\YpzPack\Gameshell.dll
C:\Users\petra\AppData\Local\YpzPack\Gameshell.dll
"C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files\Motorola\Bluetooth\audiosrv.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\windows\system32\wuauclt.exe"
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4480 CREDAT:275457 /prefetch:2
"C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" -- "http://go.microsoft.com/fwlink/?LinkID=142337"
"C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe" --type=renderer --no-sandbox --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" --lang=en-US --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --lang=en-US --uncaught-exception-stack-size=1024 --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="6416.2.740598694\841836018" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6860.4.354448860\585659946" --disable-d3d11 --use-gl=swiftshader --supports-dual-gpus=false --swiftshader-path="C:\Users\petra\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159" --gpu-driver-bug-workarounds=1,6,17,38 --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2057 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.7.463576611\2104006740" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll" --lang=cs --channel="6860.14.1939540768\1316929013" /prefetch:-390060480
"C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe" -Embedding
"C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"C:\Program Files (x86)\Citrix\Receiver\Receiver.exe" -autoupdate -startplugins
"C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe"
"C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe"
"C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe"
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="6860.36.108118329\917142721" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.39.165650931\1485783525" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.43.443959004\367475778" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.48.635964687\617939485" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.49.2146661951\1742395971" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.50.517449923\1037486657" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.53.460065481\401672468" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.56.1290776984\1860350529" /prefetch:673131151
"C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe" --type=renderer --no-sandbox --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" --lang=en-US --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --lang=en-US --uncaught-exception-stack-size=1024 --disable-pepper-3d --disable-accelerated-compositing --disable-accelerated-video-decode --disable-webrtc-hw-encoding --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="6416.3.1465304548\257190646" /prefetch:673131151
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.62.684508512\1917045299" /prefetch:673131151
"taskhost.exe"
"C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group5 pct:10e stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLsControl/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_36/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --enable-gpu-rasterization --disable-gpu-compositing --channel="6860.63.1173475403\861383177" /prefetch:673131151

"C:\windows\system32\notepad.exe"
C:\windows\System32\svchost.exe -k WerSvcGroup
"D:\download\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002Core.job - C:\Users\petra\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002UA.job - C:\Users\petra\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\HPCeeScheduleForpetra.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForpetra (null)

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03 211720]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Web TuneUp - C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll [2014-12-09 2369560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-01-22 2028328]
"BTMTrayAgent"=C:\Program Files\Motorola\Bluetooth\btmshell.dll [2010-06-10 24783624]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-03-25 166424]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-03-25 390680]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-03-25 410136]
"SmartSoft PDF Printer Agent"=C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe [2011-05-17 50560]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2013-06-21 489472]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-12-02 21720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-10 1712184]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-01-22 2363392]
"Google Update"=C:\Users\petra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17 107912]
""= []
"IPWsoft"=C:\Windows\SysWOW64\regsvr32.exe [2009-07-14 14848]
"YpzPack"=regsvr32.exe C:\Users\petra\AppData\Local\YpzPack\Gameshell.dll []
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-01-12 563736]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-09-01 499768]
"NortonOnlineBackup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-05-03 1110360]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2010-12-09 74752]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"HTC Sync"=C:\Program Files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe [2010-04-16 180224]
"PDFPrint"=C:\Program Files (x86)\PDF24\pdf24.exe [2011-04-28 220552]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
"ConnectionCenter"=C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2013-10-01 395656]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-10-01 256056]
"Nikon Message Center 2"=C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [2013-12-27 570880]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
""= []
"Redirector"=C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [2013-10-01 153992]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"Communicator"=C:\Program Files (x86)\Microsoft Lync\communicator.exe [2014-05-01 12117312]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2015\avgui.exe [2014-11-09 3653136]
"vProt"=C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2014-12-09 3060248]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [2014-11-21 54072]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Citrix Access Gateway.lnk - C:\Program Files\Citrix\Secure Access Client\nsload.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgwlx64]
avgwlx64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-01-25 268800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-28 23:03:26 ----A---- C:\windows\system32\drivers\nhqt.sys
2014-12-28 22:31:21 ----D---- C:\windows\LastGood
2014-12-28 22:28:13 ----SHD---- C:\Config.Msi
2014-12-28 10:55:41 ----A---- C:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-28 10:53:30 ----D---- C:\ProgramData\Malwarebytes
2014-12-28 10:53:30 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 10:53:30 ----A---- C:\windows\system32\drivers\mwac.sys
2014-12-28 10:53:30 ----A---- C:\windows\system32\drivers\mbamchameleon.sys
2014-12-28 10:53:30 ----A---- C:\windows\system32\drivers\mbam.sys
2014-12-28 10:27:14 ----D---- C:\Program Files\CCleaner
2014-12-28 10:20:51 ----D---- C:\Program Files\trend micro
2014-12-28 10:20:49 ----D---- C:\rsit
2014-12-18 06:13:23 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-12-18 06:13:23 ----A---- C:\windows\system32\ieUnatt.exe
2014-12-10 06:34:09 ----A---- C:\windows\SYSWOW64\WindowsCodecs.dll
2014-12-10 06:34:09 ----A---- C:\windows\system32\WindowsCodecs.dll
2014-12-10 06:34:00 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-12-10 06:34:00 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-12-10 06:33:59 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-12-10 06:33:59 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-12-10 06:33:59 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-12-10 06:33:59 ----A---- C:\windows\system32\iernonce.dll
2014-12-10 06:33:59 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-12-10 06:33:59 ----A---- C:\windows\system32\ieetwcollector.exe
2014-12-10 06:33:59 ----A---- C:\windows\system32\ie4uinit.exe
2014-12-10 06:33:58 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:33:57 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-12-10 06:33:57 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-12-10 06:33:57 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-12-10 06:33:57 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:33:56 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-12-10 06:33:56 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-12-10 06:33:55 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-12-10 06:33:55 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-12-10 06:33:55 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-12-10 06:33:55 ----A---- C:\windows\system32\urlmon.dll
2014-12-10 06:33:55 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-12-10 06:33:55 ----A---- C:\windows\system32\iedkcs32.dll
2014-12-10 06:33:54 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:33:53 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-12-10 06:33:53 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-12-10 06:33:53 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-12-10 06:33:53 ----A---- C:\windows\system32\msfeeds.dll
2014-12-10 06:33:53 ----A---- C:\windows\system32\dxtrans.dll
2014-12-10 06:33:52 ----A---- C:\windows\system32\iesetup.dll
2014-12-10 06:33:52 ----A---- C:\windows\system32\ieapfltr.dll
2014-12-10 06:33:51 ----A---- C:\windows\system32\iertutil.dll
2014-12-10 06:33:50 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-12-10 06:33:50 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-12-10 06:33:49 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-12-10 06:33:49 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-12-10 06:33:49 ----A---- C:\windows\system32\jsproxy.dll
2014-12-10 06:33:47 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-12-10 06:33:47 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-12-10 06:33:46 ----A---- C:\windows\system32\dxtmsft.dll
2014-12-10 06:33:45 ----A---- C:\windows\system32\ieui.dll
2014-12-10 06:33:45 ----A---- C:\windows\system32\ieframe.dll
2014-12-10 06:33:44 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-12-10 06:33:44 ----A---- C:\windows\system32\mshtmled.dll
2014-12-10 06:33:44 ----A---- C:\windows\system32\jscript9diag.dll
2014-12-10 06:33:43 ----A---- C:\windows\system32\wininet.dll
2014-12-10 06:33:43 ----A---- C:\windows\system32\vbscript.dll
2014-12-10 06:33:43 ----A---- C:\windows\system32\jscript9.dll
2014-12-10 06:33:42 ----A---- C:\windows\system32\MshtmlDac.dll
2014-12-10 06:33:41 ----A---- C:\windows\system32\msrating.dll
2014-12-10 06:33:40 ----A---- C:\windows\system32\mshtml.dll
2014-12-09 09:45:41 ----D---- C:\ProgramData\AVG Security Toolbar
2014-12-09 09:45:22 ----A---- C:\windows\system32\drivers\avgtpx64.sys
2014-12-09 09:45:18 ----D---- C:\ProgramData\AVG Secure Search
2014-12-09 09:45:16 ----D---- C:\ProgramData\AVG Web TuneUp
2014-12-09 09:45:14 ----D---- C:\Program Files (x86)\AVG Web TuneUp
2014-12-08 20:10:20 ----D---- C:\Users\petra\AppData\Roaming\AVG2015
2014-12-08 20:09:11 ----D---- C:\Users\petra\AppData\Roaming\TuneUp Software
2014-12-08 20:07:56 ----HD---- C:\$AVG
2014-12-08 20:07:56 ----D---- C:\ProgramData\AVG2015
2014-12-08 20:06:17 ----D---- C:\Program Files (x86)\AVG
2014-12-08 19:15:29 ----D---- C:\ProgramData\MFAData
2014-12-07 17:37:50 ----SD---- C:\windows\SYSWOW64\Microsoft
2014-12-05 01:59:51 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2014-12-05 01:59:47 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-05 01:58:54 ----D---- C:\Program Files\Application Verifier
2014-12-05 01:58:54 ----D---- C:\Program Files (x86)\Application Verifier
2014-12-05 01:58:45 ----D---- C:\ProgramData\Windows App Certification Kit
2014-12-05 01:57:00 ----D---- C:\ProgramData\PreEmptive Solutions
2014-12-05 01:54:25 ----D---- C:\Program Files (x86)\Microsoft ASP.NET
2014-12-05 01:53:52 ----D---- C:\Program Files (x86)\Microsoft Web Tools
2014-12-05 01:53:29 ----D---- C:\Program Files\Microsoft
2014-12-05 01:52:59 ----D---- C:\Program Files\IIS Express
2014-12-05 01:52:59 ----D---- C:\Program Files (x86)\IIS Express
2014-12-05 01:52:32 ----D---- C:\Program Files (x86)\NuGet
2014-12-05 01:52:25 ----D---- C:\Program Files (x86)\Microsoft WCF Data Services
2014-12-05 01:50:27 ----A---- C:\windows\SYSWOW64\D3DX9_43.dll
2014-12-05 01:49:33 ----D---- C:\Program Files (x86)\Windows Kits
2014-12-05 01:44:06 ----D---- C:\Program Files (x86)\HTML Help Workshop
2014-12-05 01:43:32 ----D---- C:\Program Files (x86)\Microsoft Help Viewer
2014-12-05 01:41:58 ----D---- C:\windows\SYSWOW64\1033
2014-12-05 01:41:44 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2014-12-05 01:41:43 ----D---- C:\Program Files\Microsoft SQL Server
2014-12-05 01:36:42 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-12-05 01:36:40 ----D---- C:\windows\system32\1033
2014-12-05 01:36:33 ----D---- C:\windows\symbols
2014-12-05 01:36:32 ----D---- C:\Program Files\Microsoft Visual Studio 11.0
2014-12-05 01:36:32 ----D---- C:\Program Files (x86)\Microsoft SDKs
2014-12-05 01:17:39 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-12-05 01:17:39 ----D---- C:\ProgramData\Package Cache
2014-12-04 13:51:24 ----D---- C:\ProgramData\Applications
2014-12-04 13:50:27 ----D---- C:\Program Files\Microsoft Lync
2014-12-04 13:50:19 ----D---- C:\Program Files (x86)\Microsoft Lync
2014-12-04 13:49:49 ----D---- C:\Program Files (x86)\OCSetup

======List of files/folders modified in the last 1 month======

2014-12-28 23:03:27 ----D---- C:\windows\Temp
2014-12-28 23:03:26 ----D---- C:\windows\system32\drivers
2014-12-28 23:03:26 ----D---- C:\windows\Microsoft.NET
2014-12-28 22:46:41 ----D---- C:\windows\system32\Tasks
2014-12-28 22:31:21 ----D---- C:\Windows
2014-12-28 22:31:20 ----D---- C:\windows\inf
2014-12-28 22:31:14 ----D---- C:\windows\system32\DriverStore
2014-12-28 22:31:04 ----SHD---- C:\System Volume Information
2014-12-28 22:28:18 ----SHD---- C:\windows\Installer
2014-12-28 22:27:08 ----D---- C:\windows\Prefetch
2014-12-28 22:12:23 ----D---- C:\windows\SysWOW64
2014-12-28 21:42:16 ----D---- C:\windows\system32\config
2014-12-28 11:40:34 ----D---- C:\windows\ServiceProfiles
2014-12-28 10:53:30 ----RD---- C:\Program Files (x86)
2014-12-28 10:53:30 ----HD---- C:\ProgramData
2014-12-28 10:34:13 ----D---- C:\Users\petra\AppData\Roaming\Media Player Classic
2014-12-28 10:34:10 ----D---- C:\Users\petra\AppData\Roaming\uTorrent
2014-12-28 10:34:10 ----D---- C:\Program Files (x86)\PDFCreator
2014-12-28 10:30:21 ----D---- C:\windows\Panther
2014-12-28 10:30:19 ----D---- C:\windows\Logs
2014-12-28 10:30:19 ----D---- C:\windows\debug
2014-12-28 10:27:14 ----D---- C:\Program Files
2014-12-28 10:12:29 ----D---- C:\windows\winsxs
2014-12-28 05:25:47 ----D---- C:\ProgramData\PDFC
2014-12-26 17:02:49 ----D---- C:\windows\Tasks
2014-12-26 17:02:01 ----A---- C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-26 09:21:37 ----D---- C:\windows\System32
2014-12-26 09:21:37 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-12-25 19:19:47 ----SD---- C:\ProgramData\Microsoft
2014-12-18 06:09:34 ----D---- C:\windows\system32\catroot2
2014-12-12 18:06:35 ----D---- C:\windows\rescache
2014-12-12 16:53:06 ----D---- C:\Program Files\Internet Explorer
2014-12-12 16:53:05 ----D---- C:\windows\SYSWOW64\en-US
2014-12-12 16:53:05 ----D---- C:\windows\SYSWOW64\cs-CZ
2014-12-12 16:53:04 ----D---- C:\windows\system32\en-US
2014-12-12 16:53:04 ----D---- C:\windows\system32\cs-CZ
2014-12-12 16:53:04 ----D---- C:\windows\PolicyDefinitions
2014-12-12 16:53:03 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-12 16:36:16 ----D---- C:\ProgramData\Microsoft Help
2014-12-12 16:34:59 ----D---- C:\windows\system32\MRT
2014-12-12 16:18:44 ----A---- C:\windows\system32\MRT.exe
2014-12-09 20:07:18 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2014-12-09 09:45:16 ----D---- C:\Program Files (x86)\Common Files
2014-12-07 18:29:29 ----D---- C:\Users\petra\AppData\Roaming\vlc
2014-12-06 09:04:49 ----RSD---- C:\windows\assembly
2014-12-06 08:19:22 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2014-12-06 07:59:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-12-05 02:04:48 ----SD---- C:\Users\petra\AppData\Roaming\Microsoft
2014-12-05 01:56:43 ----D---- C:\Program Files\MSBuild
2014-12-05 01:49:39 ----RSD---- C:\windows\Fonts
2014-12-05 01:43:40 ----D---- C:\Program Files (x86)\MSBuild

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\windows\system32\DRIVERS\avgidsha.sys [2014-06-18 190744]
R0 Avgloga;AVG Logging Driver; C:\windows\system32\DRIVERS\avgloga.sys [2014-07-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\windows\system32\DRIVERS\avgmfx64.sys [2014-10-05 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\windows\system32\DRIVERS\avgrkx64.sys [2014-06-18 31512]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 Avgdiska;AVG Disk Driver; C:\windows\system32\DRIVERS\avgdiska.sys [2014-06-18 153368]
R1 AVGIDSDriver;AVGIDSDriver; C:\windows\system32\DRIVERS\avgidsdrivera.sys [2014-10-29 263960]
R1 Avgldx64;AVG AVI Loader Driver; C:\windows\system32\DRIVERS\avgldx64.sys [2014-08-28 243480]
R1 Avgtdia;AVG TDI Driver; C:\windows\system32\DRIVERS\avgtdia.sys [2014-10-10 274200]
R1 avgtp;avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [2014-12-09 50976]
R1 ctxusbm;Citrix USB Monitor Driver; C:\windows\system32\DRIVERS\ctxusbm.sys [2013-09-24 97768]
R1 DNE;DNE LightWeight Filter; C:\windows\system32\DRIVERS\dnelwf64.sys [2013-02-20 119120]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R1 truecrypt;truecrypt; C:\windows\System32\drivers\truecrypt.sys [2012-08-20 231376]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 cag;Citrix cag plugin for Access Gateway; \??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [2013-04-01 102160]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-11-02 1209856]
R3 ctxva51;Citrix Virtual Adapter; C:\windows\system32\DRIVERS\ctxva51.sys [2014-01-10 46640]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-01-25 7842272]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 145408]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [2014-12-28 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [2014-11-21 63704]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\windows\system32\DRIVERS\netr28x.sys [2010-06-29 931168]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-03 331880]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-05-21 96384]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\windows\system32\DRIVERS\stwrt64.sys [2013-06-21 515584]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-01-22 305200]
R3 VClone;VClone; C:\windows\system32\DRIVERS\VClone.sys [2013-07-24 34816]
S0 bgbjdiu;bgbjdiu; C:\windows\System32\drivers\nhqt.sys [2014-12-28 79064]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btmaudio;Motorola Bluetooth Audio Service; C:\windows\system32\drivers\btmaud.sys [2010-05-20 42496]
S3 BTMCOM;Bluetooth Serial Port; C:\windows\System32\Drivers\btmcom.sys [2010-04-10 52736]
S3 BTMNET;Motorola Bluetooth Network Adapter Service; C:\windows\system32\DRIVERS\btmnet.sys [2010-06-18 28672]
S3 BTMUSB;Motorola Bluetooth Radio Service; C:\windows\System32\Drivers\btmusb.sys [2010-07-08 3232768]
S3 HtcVCom32;HTC Diagnostic Port; C:\windows\system32\DRIVERS\HtcVComV64.sys [2009-07-30 118872]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\windows\system32\DRIVERS\ss_bus.sys [2009-09-21 127488]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\windows\system32\DRIVERS\ss_mdfl.sys [2009-09-21 18944]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\windows\system32\DRIVERS\ss_mdm.sys [2009-09-21 161280]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2013-06-21 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-11-02 16896]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-11-09 298080]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-05-13 270624]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-10-01 280120]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-05-03 2782552]
R2 nsverctl;Citrix Secure Access Client Service; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [2014-01-10 157744]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2013-06-21 271360]
R2 vToolbarUpdater18.1.10;vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [2014-12-09 1849368]
R3 Bluetooth Device Manager;Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-27 1028096]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-27 647680]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-10-16 74392]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-12-19 1255736]
S4 NetMsmqActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 NetPipeActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 NetTcpActivator;@c:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 29 pro 2014 02:44

Zdravim

Pro jistotu zalohujte vsechna data - vypada to na peknou mrchu.

Pouzijte pak tuto utilitu

vyosek píše: Stahnete si TDSSKiller http://media.kaspersky.com/utilities/Vi ... killer.exe
Po spusteni odsouhlaste licencni podminky (klik na Accept)

Kliknete na volbu Change parametrs

V okne Additional Option zakliknete vsechny moznosti

Kliknete na OK

Utilite prikazte, at skenuje - klik na Start Scan

Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip

Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip

Pokud mate vsude Skip, kliknete na Continue

Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

petran · #3 Příspěvek od **petran** » 29 pro 2014 15:57

Zálohováno.
TDSSKiller spuštěn, ale ve kroku
- "Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip"
se zadne okno se neobjevilo viz priloha

Log:
15:27:24.0445 0x32a0 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
15:27:41.0812 0x32a0 ============================================================
15:27:41.0812 0x32a0 Current date / time: 2014/12/29 15:27:41.0812
15:27:41.0812 0x32a0 SystemInfo:
15:27:41.0813 0x32a0
15:27:41.0813 0x32a0 OS Version: 6.1.7601 ServicePack: 1.0
15:27:41.0813 0x32a0 Product type: Workstation
15:27:41.0813 0x32a0 ComputerName: PETRA-HP
15:27:41.0813 0x32a0 UserName: petra
15:27:41.0813 0x32a0 Windows directory: C:\windows
15:27:41.0813 0x32a0 System windows directory: C:\windows
15:27:41.0813 0x32a0 Running under WOW64
15:27:41.0813 0x32a0 Processor architecture: Intel x64
15:27:41.0813 0x32a0 Number of processors: 2
15:27:41.0813 0x32a0 Page size: 0x1000
15:27:41.0813 0x32a0 Boot type: Normal boot
15:27:41.0813 0x32a0 ============================================================
15:27:42.0195 0x32a0 KLMD registered as C:\windows\system32\drivers\96566890.sys
15:27:43.0062 0x32a0 System UUID: {047E67AE-6275-1377-5B78-A8C668E0F627}
15:27:44.0552 0x32a0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:27:44.0560 0x32a0 ============================================================
15:27:44.0560 0x32a0 \Device\Harddisk0\DR0:
15:27:44.0560 0x32a0 MBR partitions:
15:27:44.0560 0x32a0 Initialize success
15:27:44.0560 0x32a0 ============================================================
15:50:37.0330 0x0b10 ============================================================
15:50:37.0330 0x0b10 Scan started
15:50:37.0330 0x0b10 Mode: Manual; SigCheck; TDLFS;
15:50:37.0330 0x0b10 ============================================================
15:50:37.0330 0x0b10 KSN ping started
15:50:40.0758 0x0b10 KSN ping finished: true
15:50:41.0365 0x0b10 ================ Scan system memory ========================
15:50:41.0365 0x0b10 System memory - ok
15:50:41.0366 0x0b10 ================ Scan services =============================
15:50:41.0452 0x0b10 1394ohci - ok
15:50:41.0466 0x0b10 ACPI - ok
15:50:41.0475 0x0b10 AcpiPmi - ok
15:50:41.0534 0x0b10 AdobeFlashPlayerUpdateSvc - ok
15:50:41.0543 0x0b10 adp94xx - ok
15:50:41.0554 0x0b10 adpahci - ok
15:50:41.0567 0x0b10 adpu320 - ok
15:50:41.0585 0x0b10 AeLookupSvc - ok
15:50:41.0601 0x0b10 AESTFilters - ok
15:50:41.0608 0x0b10 AFD - ok
15:50:41.0624 0x0b10 AgereModemAudio - ok
15:50:41.0634 0x0b10 AgereSoftModem - ok
15:50:41.0646 0x0b10 agp440 - ok
15:50:41.0658 0x0b10 ALG - ok
15:50:41.0683 0x0b10 aliide - ok
15:50:41.0690 0x0b10 amdide - ok
15:50:41.0707 0x0b10 AmdK8 - ok
15:50:41.0717 0x0b10 AmdPPM - ok
15:50:41.0729 0x0b10 amdsata - ok
15:50:41.0742 0x0b10 amdsbs - ok
15:50:41.0755 0x0b10 amdxata - ok
15:50:41.0775 0x0b10 AppID - ok
15:50:41.0786 0x0b10 AppIDSvc - ok
15:50:41.0795 0x0b10 Appinfo - ok
15:50:41.0806 0x0b10 arc - ok
15:50:41.0817 0x0b10 arcsas - ok
15:50:41.0843 0x0b10 aspnet_state - ok
15:50:41.0854 0x0b10 AsyncMac - ok
15:50:41.0868 0x0b10 atapi - ok
15:50:41.0879 0x0b10 AudioEndpointBuilder - ok
15:50:41.0887 0x0b10 AudioSrv - ok
15:50:41.0914 0x0b10 Avgdiska - ok
15:50:41.0936 0x0b10 AVGIDSAgent - ok
15:50:41.0943 0x0b10 AVGIDSDriver - ok
15:50:41.0955 0x0b10 AVGIDSHA - ok
15:50:41.0975 0x0b10 Avgldx64 - ok
15:50:42.0001 0x0b10 Avgloga - ok
15:50:42.0035 0x0b10 Avgmfx64 - ok
15:50:42.0047 0x0b10 Avgrkx64 - ok
15:50:42.0060 0x0b10 Avgtdia - ok
15:50:42.0106 0x0b10 avgtp - ok
15:50:42.0114 0x0b10 avgwd - ok
15:50:42.0138 0x0b10 AxInstSV - ok
15:50:42.0158 0x0b10 b06bdrv - ok
15:50:42.0236 0x0b10 b57nd60a - ok
15:50:42.0274 0x0b10 BDESVC - ok
15:50:42.0293 0x0b10 Beep - ok
15:50:42.0321 0x0b10 BFE - ok
15:50:42.0355 0x0b10 bgbjdiu - ok
15:50:42.0375 0x0b10 BITS - ok
15:50:42.0387 0x0b10 blbdrive - ok
15:50:42.0404 0x0b10 Bluetooth Device Manager - ok
15:50:42.0412 0x0b10 Bluetooth Media Service - ok
15:50:42.0421 0x0b10 Bluetooth OBEX Service - ok
15:50:42.0431 0x0b10 bowser - ok
15:50:42.0441 0x0b10 BrFiltLo - ok
15:50:42.0454 0x0b10 BrFiltUp - ok
15:50:42.0472 0x0b10 Browser - ok
15:50:42.0481 0x0b10 Brserid - ok
15:50:42.0491 0x0b10 BrSerWdm - ok
15:50:42.0525 0x0b10 BrUsbMdm - ok
15:50:42.0535 0x0b10 BrUsbSer - ok
15:50:42.0564 0x0b10 BthEnum - ok
15:50:42.0581 0x0b10 BTHMODEM - ok
15:50:42.0606 0x0b10 BthPan - ok
15:50:42.0617 0x0b10 BTHPORT - ok
15:50:42.0630 0x0b10 bthserv - ok
15:50:42.0646 0x0b10 BTHUSB - ok
15:50:42.0684 0x0b10 btmaudio - ok
15:50:42.0708 0x0b10 BTMCOM - ok
15:50:42.0723 0x0b10 BTMNET - ok
15:50:42.0730 0x0b10 BTMUSB - ok
15:50:42.0756 0x0b10 cag - ok
15:50:42.0776 0x0b10 cdfs - ok
15:50:42.0806 0x0b10 cdrom - ok
15:50:42.0818 0x0b10 CertPropSvc - ok
15:50:42.0835 0x0b10 circlass - ok
15:50:42.0847 0x0b10 CLFS - ok
15:50:42.0864 0x0b10 clr_optimization_v2.0.50727_32 - ok
15:50:42.0870 0x0b10 clr_optimization_v2.0.50727_64 - ok
15:50:42.0891 0x0b10 clr_optimization_v4.0.30319_32 - ok
15:50:42.0901 0x0b10 clr_optimization_v4.0.30319_64 - ok
15:50:42.0917 0x0b10 CmBatt - ok
15:50:42.0942 0x0b10 cmdide - ok
15:50:42.0950 0x0b10 CNG - ok
15:50:42.0976 0x0b10 Compbatt - ok
15:50:42.0987 0x0b10 CompositeBus - ok
15:50:42.0999 0x0b10 COMSysApp - ok
15:50:43.0025 0x0b10 crcdisk - ok
15:50:43.0050 0x0b10 CryptSvc - ok
15:50:43.0088 0x0b10 ctxusbm - ok
15:50:43.0133 0x0b10 ctxva51 - ok
15:50:43.0156 0x0b10 DcomLaunch - ok
15:50:43.0172 0x0b10 defragsvc - ok
15:50:43.0186 0x0b10 DfsC - ok
15:50:43.0226 0x0b10 Dhcp - ok
15:50:43.0235 0x0b10 discache - ok
15:50:43.0264 0x0b10 Disk - ok
15:50:43.0332 0x0b10 DNE - ok
15:50:43.0344 0x0b10 Dnscache - ok
15:50:43.0403 0x0b10 dot3svc - ok
15:50:43.0411 0x0b10 DPS - ok
15:50:43.0427 0x0b10 drmkaud - ok
15:50:43.0437 0x0b10 DXGKrnl - ok
15:50:43.0457 0x0b10 EapHost - ok
15:50:43.0466 0x0b10 ebdrv - ok
15:50:43.0479 0x0b10 EFS - ok
15:50:43.0488 0x0b10 ehRecvr - ok
15:50:43.0500 0x0b10 ehSched - ok
15:50:43.0512 0x0b10 ElbyCDIO - ok
15:50:43.0539 0x0b10 elxstor - ok
15:50:43.0566 0x0b10 ErrDev - ok
15:50:43.0605 0x0b10 EventSystem - ok
15:50:43.0624 0x0b10 exfat - ok
15:50:43.0632 0x0b10 fastfat - ok
15:50:43.0647 0x0b10 Fax - ok
15:50:43.0656 0x0b10 fdc - ok
15:50:43.0665 0x0b10 fdPHost - ok
15:50:43.0679 0x0b10 FDResPub - ok
15:50:43.0686 0x0b10 FileInfo - ok
15:50:43.0697 0x0b10 Filetrace - ok
15:50:43.0714 0x0b10 FLEXnet Licensing Service - ok
15:50:43.0723 0x0b10 FLEXnet Licensing Service 64 - ok
15:50:43.0732 0x0b10 flpydisk - ok
15:50:43.0742 0x0b10 FltMgr - ok
15:50:43.0754 0x0b10 FontCache - ok
15:50:43.0765 0x0b10 FontCache3.0.0.0 - ok
15:50:43.0779 0x0b10 FsDepends - ok
15:50:43.0787 0x0b10 Fs_Rec - ok
15:50:43.0800 0x0b10 fussvc - ok
15:50:43.0810 0x0b10 fvevol - ok
15:50:43.0823 0x0b10 gagp30kx - ok
15:50:43.0838 0x0b10 gpsvc - ok
15:50:43.0889 0x0b10 gusvc - ok
15:50:43.0900 0x0b10 hcw85cir - ok
15:50:43.0918 0x0b10 HdAudAddService - ok
15:50:43.0935 0x0b10 HDAudBus - ok
15:50:43.0942 0x0b10 HidBatt - ok
15:50:43.0958 0x0b10 HidBth - ok
15:50:43.0968 0x0b10 HidIr - ok
15:50:43.0982 0x0b10 hidserv - ok
15:50:44.0014 0x0b10 HidUsb - ok
15:50:44.0023 0x0b10 hkmsvc - ok
15:50:44.0038 0x0b10 HomeGroupListener - ok
15:50:44.0048 0x0b10 HomeGroupProvider - ok
15:50:44.0140 0x0b10 HP Support Assistant Service - ok
15:50:44.0171 0x0b10 HPDrvMntSvc.exe - ok
15:50:44.0189 0x0b10 hpHotkeyMonitor - ok
15:50:44.0201 0x0b10 HpqKbFiltr - ok
15:50:44.0218 0x0b10 hpqwmiex - ok
15:50:44.0249 0x0b10 HpSAMD - ok
15:50:44.0260 0x0b10 HtcVCom32 - ok
15:50:44.0277 0x0b10 HTTP - ok
15:50:44.0286 0x0b10 hwpolicy - ok
15:50:44.0296 0x0b10 i8042prt - ok
15:50:44.0316 0x0b10 IAANTMON - ok
15:50:44.0337 0x0b10 iaStor - ok
15:50:44.0357 0x0b10 iaStorV - ok
15:50:44.0367 0x0b10 idsvc - ok
15:50:44.0434 0x0b10 IEEtwCollectorService - ok
15:50:44.0461 0x0b10 igfx - ok
15:50:44.0478 0x0b10 iirsp - ok
15:50:44.0502 0x0b10 IKEEXT - ok
15:50:44.0527 0x0b10 IntcHdmiAddService - ok
15:50:44.0537 0x0b10 intelide - ok
15:50:44.0555 0x0b10 intelppm - ok
15:50:44.0569 0x0b10 IPBusEnum - ok
15:50:44.0586 0x0b10 IpFilterDriver - ok
15:50:44.0597 0x0b10 iphlpsvc - ok
15:50:44.0612 0x0b10 IPMIDRV - ok
15:50:44.0621 0x0b10 IPNAT - ok
15:50:44.0639 0x0b10 IRENUM - ok
15:50:44.0646 0x0b10 isapnp - ok
15:50:44.0656 0x0b10 iScsiPrt - ok
15:50:44.0671 0x0b10 kbdclass - ok
15:50:44.0686 0x0b10 kbdhid - ok
15:50:44.0696 0x0b10 KeyIso - ok
15:50:44.0704 0x0b10 KSecDD - ok
15:50:44.0712 0x0b10 KSecPkg - ok
15:50:44.0727 0x0b10 ksthunk - ok
15:50:44.0738 0x0b10 KtmRm - ok
15:50:44.0748 0x0b10 LanmanServer - ok
15:50:44.0758 0x0b10 LanmanWorkstation - ok
15:50:44.0789 0x0b10 LightScribeService - ok
15:50:44.0810 0x0b10 lltdio - ok
15:50:44.0823 0x0b10 lltdsvc - ok
15:50:44.0840 0x0b10 lmhosts - ok
15:50:44.0861 0x0b10 LSI_FC - ok
15:50:44.0870 0x0b10 LSI_SAS - ok
15:50:44.0888 0x0b10 LSI_SAS2 - ok
15:50:44.0899 0x0b10 LSI_SCSI - ok
15:50:44.0908 0x0b10 luafv - ok
15:50:44.0940 0x0b10 MBAMProtector - ok
15:50:44.0954 0x0b10 MBAMScheduler - ok
15:50:44.0974 0x0b10 MBAMService - ok
15:50:45.0021 0x0b10 MBAMSwissArmy - ok
15:50:45.0031 0x0b10 MBAMWebAccessControl - ok
15:50:45.0092 0x0b10 Mcx2Svc - ok
15:50:45.0106 0x0b10 megasas - ok
15:50:45.0122 0x0b10 MegaSR - ok
15:50:45.0140 0x0b10 Microsoft Office Groove Audit Service - ok
15:50:45.0158 0x0b10 MMCSS - ok
15:50:45.0167 0x0b10 Modem - ok
15:50:45.0174 0x0b10 monitor - ok
15:50:45.0189 0x0b10 mouclass - ok
15:50:45.0198 0x0b10 mouhid - ok
15:50:45.0208 0x0b10 mountmgr - ok
15:50:45.0216 0x0b10 mpio - ok
15:50:45.0225 0x0b10 mpsdrv - ok
15:50:45.0249 0x0b10 MpsSvc - ok
15:50:45.0258 0x0b10 MRxDAV - ok
15:50:45.0274 0x0b10 mrxsmb - ok
15:50:45.0282 0x0b10 mrxsmb10 - ok
15:50:45.0291 0x0b10 mrxsmb20 - ok
15:50:45.0299 0x0b10 msahci - ok
15:50:45.0308 0x0b10 msdsm - ok
15:50:45.0319 0x0b10 MSDTC - ok
15:50:45.0340 0x0b10 Msfs - ok
15:50:45.0346 0x0b10 mshidkmdf - ok
15:50:45.0357 0x0b10 msisadrv - ok
15:50:45.0364 0x0b10 MSiSCSI - ok
15:50:45.0373 0x0b10 msiserver - ok
15:50:45.0397 0x0b10 MSKSSRV - ok
15:50:45.0408 0x0b10 MSPCLOCK - ok
15:50:45.0414 0x0b10 MSPQM - ok
15:50:45.0424 0x0b10 MsRPC - ok
15:50:45.0444 0x0b10 mssmbios - ok
15:50:45.0457 0x0b10 MSTEE - ok
15:50:45.0476 0x0b10 MTConfig - ok
15:50:45.0494 0x0b10 Mup - ok
15:50:45.0508 0x0b10 napagent - ok
15:50:45.0533 0x0b10 NativeWifiP - ok
15:50:45.0542 0x0b10 NDIS - ok
15:50:45.0557 0x0b10 NdisCap - ok
15:50:45.0576 0x0b10 NdisTapi - ok
15:50:45.0584 0x0b10 Ndisuio - ok
15:50:45.0599 0x0b10 NdisWan - ok
15:50:45.0609 0x0b10 NDProxy - ok
15:50:45.0621 0x0b10 NetBIOS - ok
15:50:45.0632 0x0b10 NetBT - ok
15:50:45.0642 0x0b10 Netlogon - ok
15:50:45.0649 0x0b10 Netman - ok
15:50:45.0660 0x0b10 NetMsmqActivator - ok
15:50:45.0669 0x0b10 NetPipeActivator - ok
15:50:45.0679 0x0b10 netprofm - ok
15:50:45.0698 0x0b10 netr28x - ok
15:50:45.0726 0x0b10 NetTcpActivator - ok
15:50:45.0736 0x0b10 NetTcpPortSharing - ok
15:50:45.0753 0x0b10 nfrd960 - ok
15:50:45.0765 0x0b10 NlaSvc - ok
15:50:45.0778 0x0b10 nmwcd - ok
15:50:45.0787 0x0b10 nmwcdc - ok
15:50:45.0816 0x0b10 NOBU - ok
15:50:45.0825 0x0b10 Npfs - ok
15:50:45.0843 0x0b10 nsi - ok
15:50:45.0852 0x0b10 nsiproxy - ok
15:50:45.0880 0x0b10 nsverctl - ok
15:50:45.0895 0x0b10 Ntfs - ok
15:50:45.0905 0x0b10 Null - ok
15:50:45.0918 0x0b10 nvraid - ok
15:50:45.0931 0x0b10 nvstor - ok
15:50:45.0947 0x0b10 nv_agp - ok
15:50:45.0960 0x0b10 odserv - ok
15:50:45.0978 0x0b10 ohci1394 - ok
15:50:46.0061 0x0b10 ose - ok
15:50:46.0073 0x0b10 p2pimsvc - ok
15:50:46.0086 0x0b10 p2psvc - ok
15:50:46.0095 0x0b10 Parport - ok
15:50:46.0105 0x0b10 partmgr - ok
15:50:46.0115 0x0b10 PcaSvc - ok
15:50:46.0165 0x0b10 pccsmcfd - ok
15:50:46.0181 0x0b10 pci - ok
15:50:46.0190 0x0b10 pciide - ok
15:50:46.0201 0x0b10 pcmcia - ok
15:50:46.0218 0x0b10 pcw - ok
15:50:46.0230 0x0b10 pdfcDispatcher - ok
15:50:46.0239 0x0b10 PEAUTH - ok
15:50:46.0267 0x0b10 PerfHost - ok
15:50:46.0298 0x0b10 pla - ok
15:50:46.0315 0x0b10 PlugPlay - ok
15:50:46.0324 0x0b10 PNRPAutoReg - ok
15:50:46.0341 0x0b10 PNRPsvc - ok
15:50:46.0354 0x0b10 PolicyAgent - ok
15:50:46.0369 0x0b10 Power - ok
15:50:46.0386 0x0b10 PptpMiniport - ok
15:50:46.0396 0x0b10 Processor - ok
15:50:46.0404 0x0b10 ProfSvc - ok
15:50:46.0414 0x0b10 ProtectedStorage - ok
15:50:46.0424 0x0b10 Psched - ok
15:50:46.0441 0x0b10 PSI_SVC_2 - ok
15:50:46.0450 0x0b10 PxHlpa64 - ok
15:50:46.0458 0x0b10 ql2300 - ok
15:50:46.0469 0x0b10 ql40xx - ok
15:50:46.0482 0x0b10 QWAVE - ok
15:50:46.0492 0x0b10 QWAVEdrv - ok
15:50:46.0506 0x0b10 RasAcd - ok
15:50:46.0535 0x0b10 RasAgileVpn - ok
15:50:46.0547 0x0b10 RasAuto - ok
15:50:46.0557 0x0b10 Rasl2tp - ok
15:50:46.0566 0x0b10 RasMan - ok
15:50:46.0575 0x0b10 RasPppoe - ok
15:50:46.0586 0x0b10 RasSstp - ok
15:50:46.0597 0x0b10 rdbss - ok
15:50:46.0606 0x0b10 rdpbus - ok
15:50:46.0627 0x0b10 RDPCDD - ok
15:50:46.0643 0x0b10 RDPENCDD - ok
15:50:46.0669 0x0b10 RDPREFMP - ok
15:50:46.0678 0x0b10 RDPWD - ok
15:50:46.0697 0x0b10 rdyboost - ok
15:50:46.0704 0x0b10 RemoteAccess - ok
15:50:46.0714 0x0b10 RemoteRegistry - ok
15:50:46.0749 0x0b10 RFCOMM - ok
15:50:46.0770 0x0b10 RpcEptMapper - ok
15:50:46.0778 0x0b10 RpcLocator - ok
15:50:46.0788 0x0b10 RpcSs - ok
15:50:46.0798 0x0b10 rspndr - ok
15:50:46.0805 0x0b10 RTL8167 - ok
15:50:46.0821 0x0b10 rtsuvc - ok
15:50:46.0832 0x0b10 SamSs - ok
15:50:46.0839 0x0b10 sbp2port - ok
15:50:46.0860 0x0b10 SCardSvr - ok
15:50:46.0866 0x0b10 scfilter - ok
15:50:46.0876 0x0b10 Schedule - ok
15:50:46.0887 0x0b10 SCPolicySvc - ok
15:50:46.0934 0x0b10 sdbus - ok
15:50:46.0942 0x0b10 SDRSVC - ok
15:50:46.0961 0x0b10 secdrv - ok
15:50:46.0972 0x0b10 seclogon - ok
15:50:46.0985 0x0b10 SENS - ok
15:50:47.0002 0x0b10 SensrSvc - ok
15:50:47.0013 0x0b10 Serenum - ok
15:50:47.0028 0x0b10 Serial - ok
15:50:47.0040 0x0b10 sermouse - ok
15:50:47.0100 0x0b10 ServiceLayer - ok
15:50:47.0125 0x0b10 SessionEnv - ok
15:50:47.0135 0x0b10 sffdisk - ok
15:50:47.0144 0x0b10 sffp_mmc - ok
15:50:47.0153 0x0b10 sffp_sd - ok
15:50:47.0161 0x0b10 sfloppy - ok
15:50:47.0172 0x0b10 SharedAccess - ok
15:50:47.0184 0x0b10 ShellHWDetection - ok
15:50:47.0212 0x0b10 SiSRaid2 - ok
15:50:47.0228 0x0b10 SiSRaid4 - ok
15:50:47.0260 0x0b10 SkypeUpdate - ok
15:50:47.0286 0x0b10 Smb - ok
15:50:47.0329 0x0b10 SNMPTRAP - ok
15:50:47.0341 0x0b10 spldr - ok
15:50:47.0355 0x0b10 Spooler - ok
15:50:47.0365 0x0b10 sppsvc - ok
15:50:47.0393 0x0b10 sppuinotify - ok
15:50:47.0409 0x0b10 SQLWriter - ok
15:50:47.0419 0x0b10 srv - ok
15:50:47.0429 0x0b10 srv2 - ok
15:50:47.0443 0x0b10 srvnet - ok
15:50:47.0458 0x0b10 SSDPSRV - ok
15:50:47.0471 0x0b10 SstpSvc - ok
15:50:47.0486 0x0b10 ss_bus - ok
15:50:47.0503 0x0b10 ss_mdfl - ok
15:50:47.0515 0x0b10 ss_mdm - ok
15:50:47.0544 0x0b10 STacSV - ok
15:50:47.0557 0x0b10 stexstor - ok
15:50:47.0577 0x0b10 STHDA - ok
15:50:47.0592 0x0b10 stisvc - ok
15:50:47.0601 0x0b10 stllssvr - ok
15:50:47.0612 0x0b10 swenum - ok
15:50:47.0679 0x0b10 SwitchBoard - ok
15:50:47.0707 0x0b10 swprv - ok
15:50:47.0734 0x0b10 SynTP - ok
15:50:47.0744 0x0b10 SysMain - ok
15:50:47.0768 0x0b10 TabletInputService - ok
15:50:47.0825 0x0b10 TapiSrv - ok
15:50:47.0838 0x0b10 TBS - ok
15:50:47.0845 0x0b10 Tcpip - ok
15:50:47.0861 0x0b10 TCPIP6 - ok
15:50:47.0881 0x0b10 tcpipreg - ok
15:50:47.0898 0x0b10 TDPIPE - ok
15:50:47.0914 0x0b10 TDTCP - ok
15:50:47.0951 0x0b10 tdx - ok
15:50:47.0959 0x0b10 Te.Service - ok
15:50:47.0972 0x0b10 TermDD - ok
15:50:47.0981 0x0b10 TermService - ok
15:50:47.0989 0x0b10 Themes - ok
15:50:48.0006 0x0b10 THREADORDER - ok
15:50:48.0018 0x0b10 TPM - ok
15:50:48.0028 0x0b10 TrkWks - ok
15:50:48.0074 0x0b10 truecrypt - ok
15:50:48.0083 0x0b10 TrustedInstaller - ok
15:50:48.0098 0x0b10 tssecsrv - ok
15:50:48.0113 0x0b10 TsUsbFlt - ok
15:50:48.0135 0x0b10 tunnel - ok
15:50:48.0144 0x0b10 uagp35 - ok
15:50:48.0153 0x0b10 udfs - ok
15:50:48.0173 0x0b10 UI0Detect - ok
15:50:48.0192 0x0b10 uliagpkx - ok
15:50:48.0219 0x0b10 umbus - ok
15:50:48.0228 0x0b10 UmPass - ok
15:50:48.0236 0x0b10 upnphost - ok
15:50:48.0286 0x0b10 upperdev - ok
15:50:48.0317 0x0b10 usbaudio - ok
15:50:48.0326 0x0b10 usbccgp - ok
15:50:48.0344 0x0b10 usbcir - ok
15:50:48.0352 0x0b10 usbehci - ok
15:50:48.0361 0x0b10 usbhub - ok
15:50:48.0387 0x0b10 usbohci - ok
15:50:48.0398 0x0b10 usbprint - ok
15:50:48.0415 0x0b10 usbser - ok
15:50:48.0429 0x0b10 UsbserFilt - ok
15:50:48.0444 0x0b10 USBSTOR - ok
15:50:48.0462 0x0b10 usbuhci - ok
15:50:48.0477 0x0b10 usbvideo - ok
15:50:48.0485 0x0b10 UxSms - ok
15:50:48.0494 0x0b10 VaultSvc - ok
15:50:48.0525 0x0b10 VClone - ok
15:50:48.0542 0x0b10 vdrvroot - ok
15:50:48.0583 0x0b10 vds - ok
15:50:48.0596 0x0b10 vga - ok
15:50:48.0611 0x0b10 VgaSave - ok
15:50:48.0616 0x0b10 vhdmp - ok
15:50:48.0627 0x0b10 viaide - ok
15:50:48.0638 0x0b10 volmgr - ok
15:50:48.0649 0x0b10 volmgrx - ok
15:50:48.0660 0x0b10 volsnap - ok
15:50:48.0681 0x0b10 vsmraid - ok
15:50:48.0695 0x0b10 VSPerfDrv110 - ok
15:50:48.0705 0x0b10 VSS - ok
15:50:48.0748 0x0b10 vToolbarUpdater18.1.10 - ok
15:50:48.0754 0x0b10 vwifibus - ok
15:50:48.0777 0x0b10 vwififlt - ok
15:50:48.0786 0x0b10 W32Time - ok
15:50:48.0804 0x0b10 WacomPen - ok
15:50:48.0814 0x0b10 WANARP - ok
15:50:48.0824 0x0b10 Wanarpv6 - ok
15:50:48.0843 0x0b10 WatAdminSvc - ok
15:50:48.0856 0x0b10 wbengine - ok
15:50:48.0865 0x0b10 WbioSrvc - ok
15:50:48.0873 0x0b10 wcncsvc - ok
15:50:48.0884 0x0b10 WcsPlugInService - ok
15:50:48.0894 0x0b10 Wd - ok
15:50:48.0902 0x0b10 Wdf01000 - ok
15:50:48.0912 0x0b10 WdiServiceHost - ok
15:50:48.0920 0x0b10 WdiSystemHost - ok
15:50:48.0932 0x0b10 WebClient - ok
15:50:48.0939 0x0b10 Wecsvc - ok
15:50:48.0950 0x0b10 wercplsupport - ok
15:50:48.0974 0x0b10 WerSvc - ok
15:50:48.0999 0x0b10 WfpLwf - ok
15:50:49.0014 0x0b10 WIMMount - ok
15:50:49.0029 0x0b10 WinDefend - ok
15:50:49.0083 0x0b10 WinHttpAutoProxySvc - ok
15:50:49.0097 0x0b10 Winmgmt - ok
15:50:49.0112 0x0b10 WinRM - ok
15:50:49.0137 0x0b10 WinUsb - ok
15:50:49.0147 0x0b10 Wlansvc - ok
15:50:49.0157 0x0b10 wlidsvc - ok
15:50:49.0435 0x0b10 WmiAcpi - ok
15:50:49.0449 0x0b10 wmiApSrv - ok
15:50:49.0459 0x0b10 WMPNetworkSvc - ok
15:50:49.0474 0x0b10 WPCSvc - ok
15:50:49.0486 0x0b10 WPDBusEnum - ok
15:50:49.0499 0x0b10 ws2ifsl - ok
15:50:49.0509 0x0b10 wscsvc - ok
15:50:49.0518 0x0b10 WSearch - ok
15:50:49.0534 0x0b10 wuauserv - ok
15:50:49.0549 0x0b10 WudfPf - ok
15:50:49.0581 0x0b10 WUDFRd - ok
15:50:49.0592 0x0b10 wudfsvc - ok
15:50:49.0610 0x0b10 WwanSvc - ok
15:50:49.0673 0x0b10 ================ Scan global ===============================
15:50:49.0674 0x0b10 [ Global ] - ok
15:50:49.0678 0x0b10 ================ Scan MBR ==================================
15:50:49.0699 0x0b10 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:50:50.0062 0x0b10 \Device\Harddisk0\DR0 - ok
15:50:50.0063 0x0b10 ================ Scan VBR ==================================
15:50:50.0063 0x0b10 ================ Scan generic autorun ======================
15:50:50.0063 0x0b10 IAAnotif - ok
15:50:50.0069 0x0b10 SynTPEnh - ok
15:50:50.0071 0x0b10 BTMTrayAgent - ok
15:50:50.0078 0x0b10 IgfxTray - ok
15:50:50.0082 0x0b10 HotKeysCmds - ok
15:50:50.0085 0x0b10 Persistence - ok
15:50:50.0092 0x0b10 SmartSoft PDF Printer Agent - ok
15:50:50.0097 0x0b10 SysTrayApp - ok
15:50:50.0101 0x0b10 AdobeAAMUpdater-1.0 - ok
15:50:50.0107 0x0b10 NCPluginUpdater - ok
15:50:50.0111 0x0b10 PDF Complete - ok
15:50:50.0118 0x0b10 WirelessAssistant - ok
15:50:50.0120 0x0b10 NortonOnlineBackup - ok
15:50:50.0126 0x0b10 WinampAgent - ok
15:50:50.0131 0x0b10 VirtualCloneDrive - ok
15:50:50.0139 0x0b10 GrooveMonitor - ok
15:50:50.0155 0x0b10 HTC Sync - ok
15:50:50.0160 0x0b10 PDFPrint - ok
15:50:50.0171 0x0b10 NokiaMServer - ok
15:50:50.0171 0x0b10 SunJavaUpdateSched - ok
15:50:50.0189 0x0b10 ConnectionCenter - ok
15:50:50.0193 0x0b10 QLBController - ok
15:50:50.0197 0x0b10 Nikon Message Center 2 - ok
15:50:50.0205 0x0b10 Adobe Reader Speed Launcher - ok
15:50:50.0205 0x0b10 Adobe ARM - ok
15:50:50.0217 0x0b10 Malwarebytes Anti-Malware (cleanup) - ok
15:50:50.0221 0x0b10 Sidebar - ok
15:50:50.0225 0x0b10 mctadmin - ok
15:50:50.0231 0x0b10 Sidebar - ok
15:50:50.0236 0x0b10 mctadmin - ok
15:50:50.0244 0x0b10 HPAdvisorDock - ok
15:50:50.0248 0x0b10 LightScribe Control Panel - ok
15:50:50.0254 0x0b10 Google Update - ok
15:50:51.0519 0x0b10 AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5577 ), 0x41000 ( enabled : updated )
15:50:51.0730 0x0b10 Win FW state via NFP2: enabled
15:50:54.0660 0x0b10 ============================================================
15:50:54.0660 0x0b10 Scan finished
15:50:54.0660 0x0b10 ============================================================
15:50:54.0680 0x07d0 Detected object count: 0
15:50:54.0680 0x07d0 Actual detected object count: 0
15:51:41.0855 0x2f68 ============================================================
15:51:41.0855 0x2f68 Scan started
15:51:41.0855 0x2f68 Mode: Manual; SigCheck; TDLFS;
15:51:41.0855 0x2f68 ============================================================
15:51:41.0855 0x2f68 KSN ping started
15:51:44.0661 0x2f68 KSN ping finished: true
15:51:44.0910 0x2f68 ================ Scan system memory ========================
15:51:44.0910 0x2f68 System memory - ok
15:51:44.0911 0x2f68 ================ Scan services =============================
15:51:44.0947 0x2f68 1394ohci - ok
15:51:44.0957 0x2f68 ACPI - ok
15:51:44.0966 0x2f68 AcpiPmi - ok
15:51:44.0977 0x2f68 AdobeFlashPlayerUpdateSvc - ok
15:51:44.0985 0x2f68 adp94xx - ok
15:51:44.0997 0x2f68 adpahci - ok
15:51:45.0006 0x2f68 adpu320 - ok
15:51:45.0017 0x2f68 AeLookupSvc - ok
15:51:45.0027 0x2f68 AESTFilters - ok
15:51:45.0044 0x2f68 AFD - ok
15:51:45.0061 0x2f68 AgereModemAudio - ok
15:51:45.0069 0x2f68 AgereSoftModem - ok
15:51:45.0087 0x2f68 agp440 - ok
15:51:45.0097 0x2f68 ALG - ok
15:51:45.0106 0x2f68 aliide - ok
15:51:45.0112 0x2f68 amdide - ok
15:51:45.0120 0x2f68 AmdK8 - ok
15:51:45.0132 0x2f68 AmdPPM - ok
15:51:45.0141 0x2f68 amdsata - ok
15:51:45.0149 0x2f68 amdsbs - ok
15:51:45.0158 0x2f68 amdxata - ok
15:51:45.0166 0x2f68 AppID - ok
15:51:45.0177 0x2f68 AppIDSvc - ok
15:51:45.0189 0x2f68 Appinfo - ok
15:51:45.0199 0x2f68 arc - ok
15:51:45.0213 0x2f68 arcsas - ok
15:51:45.0235 0x2f68 aspnet_state - ok
15:51:45.0248 0x2f68 AsyncMac - ok
15:51:45.0256 0x2f68 atapi - ok
15:51:45.0267 0x2f68 AudioEndpointBuilder - ok
15:51:45.0277 0x2f68 AudioSrv - ok
15:51:45.0296 0x2f68 Avgdiska - ok
15:51:45.0305 0x2f68 AVGIDSAgent - ok
15:51:45.0316 0x2f68 AVGIDSDriver - ok
15:51:45.0328 0x2f68 AVGIDSHA - ok
15:51:45.0338 0x2f68 Avgldx64 - ok
15:51:45.0350 0x2f68 Avgloga - ok
15:51:45.0363 0x2f68 Avgmfx64 - ok
15:51:45.0373 0x2f68 Avgrkx64 - ok
15:51:45.0384 0x2f68 Avgtdia - ok
15:51:45.0394 0x2f68 avgtp - ok
15:51:45.0402 0x2f68 avgwd - ok
15:51:45.0410 0x2f68 AxInstSV - ok
15:51:45.0417 0x2f68 b06bdrv - ok
15:51:45.0427 0x2f68 b57nd60a - ok
15:51:45.0442 0x2f68 BDESVC - ok
15:51:45.0449 0x2f68 Beep - ok
15:51:45.0458 0x2f68 BFE - ok
15:51:45.0467 0x2f68 bgbjdiu - ok
15:51:45.0478 0x2f68 BITS - ok
15:51:45.0488 0x2f68 blbdrive - ok
15:51:45.0496 0x2f68 Bluetooth Device Manager - ok
15:51:45.0504 0x2f68 Bluetooth Media Service - ok
15:51:45.0513 0x2f68 Bluetooth OBEX Service - ok
15:51:45.0521 0x2f68 bowser - ok
15:51:45.0533 0x2f68 BrFiltLo - ok
15:51:45.0543 0x2f68 BrFiltUp - ok
15:51:45.0553 0x2f68 Browser - ok
15:51:45.0562 0x2f68 Brserid - ok
15:51:45.0572 0x2f68 BrSerWdm - ok
15:51:45.0581 0x2f68 BrUsbMdm - ok
15:51:45.0589 0x2f68 BrUsbSer - ok
15:51:45.0597 0x2f68 BthEnum - ok
15:51:45.0605 0x2f68 BTHMODEM - ok
15:51:45.0614 0x2f68 BthPan - ok
15:51:45.0622 0x2f68 BTHPORT - ok
15:51:45.0634 0x2f68 bthserv - ok
15:51:45.0649 0x2f68 BTHUSB - ok
15:51:45.0669 0x2f68 btmaudio - ok
15:51:45.0685 0x2f68 BTMCOM - ok
15:51:45.0699 0x2f68 BTMNET - ok
15:51:45.0707 0x2f68 BTMUSB - ok
15:51:45.0716 0x2f68 cag - ok
15:51:45.0723 0x2f68 cdfs - ok
15:51:45.0736 0x2f68 cdrom - ok
15:51:45.0749 0x2f68 CertPropSvc - ok
15:51:45.0756 0x2f68 circlass - ok
15:51:45.0770 0x2f68 CLFS - ok
15:51:45.0780 0x2f68 clr_optimization_v2.0.50727_32 - ok
15:51:45.0789 0x2f68 clr_optimization_v2.0.50727_64 - ok
15:51:45.0798 0x2f68 clr_optimization_v4.0.30319_32 - ok
15:51:45.0806 0x2f68 clr_optimization_v4.0.30319_64 - ok
15:51:45.0815 0x2f68 CmBatt - ok
15:51:45.0824 0x2f68 cmdide - ok
15:51:45.0835 0x2f68 CNG - ok
15:51:45.0849 0x2f68 Compbatt - ok
15:51:45.0860 0x2f68 CompositeBus - ok
15:51:45.0875 0x2f68 COMSysApp - ok
15:51:45.0884 0x2f68 crcdisk - ok
15:51:45.0899 0x2f68 CryptSvc - ok
15:51:45.0909 0x2f68 ctxusbm - ok
15:51:45.0918 0x2f68 ctxva51 - ok
15:51:45.0932 0x2f68 DcomLaunch - ok
15:51:45.0944 0x2f68 defragsvc - ok
15:51:45.0961 0x2f68 DfsC - ok
15:51:45.0969 0x2f68 Dhcp - ok
15:51:45.0978 0x2f68 discache - ok
15:51:45.0992 0x2f68 Disk - ok
15:51:46.0002 0x2f68 DNE - ok
15:51:46.0010 0x2f68 Dnscache - ok
15:51:46.0021 0x2f68 dot3svc - ok
15:51:46.0031 0x2f68 DPS - ok
15:51:46.0041 0x2f68 drmkaud - ok
15:51:46.0053 0x2f68 DXGKrnl - ok
15:51:46.0062 0x2f68 EapHost - ok
15:51:46.0075 0x2f68 ebdrv - ok
15:51:46.0083 0x2f68 EFS - ok
15:51:46.0091 0x2f68 ehRecvr - ok
15:51:46.0100 0x2f68 ehSched - ok
15:51:46.0108 0x2f68 ElbyCDIO - ok
15:51:46.0116 0x2f68 elxstor - ok
15:51:46.0125 0x2f68 ErrDev - ok
15:51:46.0147 0x2f68 EventSystem - ok
15:51:46.0156 0x2f68 exfat - ok
15:51:46.0168 0x2f68 fastfat - ok
15:51:46.0177 0x2f68 Fax - ok
15:51:46.0187 0x2f68 fdc - ok
15:51:46.0196 0x2f68 fdPHost - ok
15:51:46.0204 0x2f68 FDResPub - ok
15:51:46.0213 0x2f68 FileInfo - ok
15:51:46.0222 0x2f68 Filetrace - ok
15:51:46.0232 0x2f68 FLEXnet Licensing Service - ok
15:51:46.0244 0x2f68 FLEXnet Licensing Service 64 - ok
15:51:46.0257 0x2f68 flpydisk - ok
15:51:46.0270 0x2f68 FltMgr - ok
15:51:46.0284 0x2f68 FontCache - ok
15:51:46.0296 0x2f68 FontCache3.0.0.0 - ok
15:51:46.0309 0x2f68 FsDepends - ok
15:51:46.0320 0x2f68 Fs_Rec - ok
15:51:46.0331 0x2f68 fussvc - ok
15:51:46.0343 0x2f68 fvevol - ok
15:51:46.0355 0x2f68 gagp30kx - ok
15:51:46.0367 0x2f68 gpsvc - ok
15:51:46.0377 0x2f68 gusvc - ok
15:51:46.0389 0x2f68 hcw85cir - ok
15:51:46.0398 0x2f68 HdAudAddService - ok
15:51:46.0406 0x2f68 HDAudBus - ok
15:51:46.0414 0x2f68 HidBatt - ok
15:51:46.0422 0x2f68 HidBth - ok
15:51:46.0433 0x2f68 HidIr - ok
15:51:46.0444 0x2f68 hidserv - ok
15:51:46.0456 0x2f68 HidUsb - ok
15:51:46.0468 0x2f68 hkmsvc - ok
15:51:46.0478 0x2f68 HomeGroupListener - ok
15:51:46.0486 0x2f68 HomeGroupProvider - ok
15:51:46.0494 0x2f68 HP Support Assistant Service - ok
15:51:46.0503 0x2f68 HPDrvMntSvc.exe - ok
15:51:46.0512 0x2f68 hpHotkeyMonitor - ok
15:51:46.0520 0x2f68 HpqKbFiltr - ok
15:51:46.0534 0x2f68 hpqwmiex - ok
15:51:46.0546 0x2f68 HpSAMD - ok
15:51:46.0560 0x2f68 HtcVCom32 - ok
15:51:46.0574 0x2f68 HTTP - ok
15:51:46.0584 0x2f68 hwpolicy - ok
15:51:46.0596 0x2f68 i8042prt - ok
15:51:46.0605 0x2f68 IAANTMON - ok
15:51:46.0618 0x2f68 iaStor - ok
15:51:46.0627 0x2f68 iaStorV - ok
15:51:46.0641 0x2f68 idsvc - ok
15:51:46.0650 0x2f68 IEEtwCollectorService - ok
15:51:46.0662 0x2f68 igfx - ok
15:51:46.0675 0x2f68 iirsp - ok
15:51:46.0688 0x2f68 IKEEXT - ok
15:51:46.0701 0x2f68 IntcHdmiAddService - ok
15:51:46.0710 0x2f68 intelide - ok
15:51:46.0719 0x2f68 intelppm - ok
15:51:46.0728 0x2f68 IPBusEnum - ok
15:51:46.0739 0x2f68 IpFilterDriver - ok
15:51:46.0750 0x2f68 iphlpsvc - ok
15:51:46.0763 0x2f68 IPMIDRV - ok
15:51:46.0770 0x2f68 IPNAT - ok
15:51:46.0780 0x2f68 IRENUM - ok
15:51:46.0788 0x2f68 isapnp - ok
15:51:46.0795 0x2f68 iScsiPrt - ok
15:51:46.0807 0x2f68 kbdclass - ok
15:51:46.0816 0x2f68 kbdhid - ok
15:51:46.0824 0x2f68 KeyIso - ok
15:51:46.0836 0x2f68 KSecDD - ok
15:51:46.0846 0x2f68 KSecPkg - ok
15:51:46.0868 0x2f68 ksthunk - ok
15:51:46.0883 0x2f68 KtmRm - ok
15:51:46.0892 0x2f68 LanmanServer - ok
15:51:46.0902 0x2f68 LanmanWorkstation - ok
15:51:46.0915 0x2f68 LightScribeService - ok
15:51:46.0924 0x2f68 lltdio - ok
15:51:46.0935 0x2f68 lltdsvc - ok
15:51:46.0946 0x2f68 lmhosts - ok
15:51:46.0960 0x2f68 LSI_FC - ok
15:51:46.0968 0x2f68 LSI_SAS - ok
15:51:46.0977 0x2f68 LSI_SAS2 - ok
15:51:46.0989 0x2f68 LSI_SCSI - ok
15:51:46.0998 0x2f68 luafv - ok
15:51:47.0009 0x2f68 MBAMProtector - ok
15:51:47.0019 0x2f68 MBAMScheduler - ok
15:51:47.0030 0x2f68 MBAMService - ok
15:51:47.0041 0x2f68 MBAMSwissArmy - ok
15:51:47.0052 0x2f68 MBAMWebAccessControl - ok
15:51:47.0061 0x2f68 Mcx2Svc - ok
15:51:47.0073 0x2f68 megasas - ok
15:51:47.0082 0x2f68 MegaSR - ok
15:51:47.0090 0x2f68 Microsoft Office Groove Audit Service - ok
15:51:47.0098 0x2f68 MMCSS - ok
15:51:47.0109 0x2f68 Modem - ok
15:51:47.0118 0x2f68 monitor - ok
15:51:47.0127 0x2f68 mouclass - ok
15:51:47.0139 0x2f68 mouhid - ok
15:51:47.0147 0x2f68 mountmgr - ok
15:51:47.0167 0x2f68 mpio - ok
15:51:47.0185 0x2f68 mpsdrv - ok
15:51:47.0197 0x2f68 MpsSvc - ok
15:51:47.0206 0x2f68 MRxDAV - ok
15:51:47.0214 0x2f68 mrxsmb - ok
15:51:47.0224 0x2f68 mrxsmb10 - ok
15:51:47.0232 0x2f68 mrxsmb20 - ok
15:51:47.0246 0x2f68 msahci - ok
15:51:47.0261 0x2f68 msdsm - ok
15:51:47.0276 0x2f68 MSDTC - ok
15:51:47.0304 0x2f68 Msfs - ok
15:51:47.0321 0x2f68 mshidkmdf - ok
15:51:47.0335 0x2f68 msisadrv - ok
15:51:47.0341 0x2f68 MSiSCSI - ok
15:51:47.0354 0x2f68 msiserver - ok
15:51:47.0365 0x2f68 MSKSSRV - ok
15:51:47.0388 0x2f68 MSPCLOCK - ok
15:51:47.0401 0x2f68 MSPQM - ok
15:51:47.0418 0x2f68 MsRPC - ok
15:51:47.0435 0x2f68 mssmbios - ok
15:51:47.0444 0x2f68 MSTEE - ok
15:51:47.0455 0x2f68 MTConfig - ok
15:51:47.0465 0x2f68 Mup - ok
15:51:47.0483 0x2f68 napagent - ok
15:51:47.0492 0x2f68 NativeWifiP - ok
15:51:47.0510 0x2f68 NDIS - ok
15:51:47.0524 0x2f68 NdisCap - ok
15:51:47.0541 0x2f68 NdisTapi - ok
15:51:47.0556 0x2f68 Ndisuio - ok
15:51:47.0569 0x2f68 NdisWan - ok
15:51:47.0578 0x2f68 NDProxy - ok
15:51:47.0590 0x2f68 NetBIOS - ok
15:51:47.0601 0x2f68 NetBT - ok
15:51:47.0610 0x2f68 Netlogon - ok
15:51:47.0622 0x2f68 Netman - ok
15:51:47.0632 0x2f68 NetMsmqActivator - ok
15:51:47.0645 0x2f68 NetPipeActivator - ok
15:51:47.0655 0x2f68 netprofm - ok
15:51:47.0664 0x2f68 netr28x - ok
15:51:47.0674 0x2f68 NetTcpActivator - ok
15:51:47.0685 0x2f68 NetTcpPortSharing - ok
15:51:47.0696 0x2f68 nfrd960 - ok
15:51:47.0709 0x2f68 NlaSvc - ok
15:51:47.0720 0x2f68 nmwcd - ok
15:51:47.0729 0x2f68 nmwcdc - ok
15:51:47.0741 0x2f68 NOBU - ok
15:51:47.0754 0x2f68 Npfs - ok
15:51:47.0769 0x2f68 nsi - ok
15:51:47.0781 0x2f68 nsiproxy - ok
15:51:47.0790 0x2f68 nsverctl - ok
15:51:47.0814 0x2f68 Ntfs - ok
15:51:47.0826 0x2f68 Null - ok
15:51:47.0834 0x2f68 nvraid - ok
15:51:47.0844 0x2f68 nvstor - ok
15:51:47.0852 0x2f68 nv_agp - ok
15:51:47.0860 0x2f68 odserv - ok
15:51:47.0868 0x2f68 ohci1394 - ok
15:51:47.0880 0x2f68 ose - ok
15:51:47.0895 0x2f68 p2pimsvc - ok
15:51:47.0903 0x2f68 p2psvc - ok
15:51:47.0912 0x2f68 Parport - ok
15:51:47.0919 0x2f68 partmgr - ok
15:51:47.0929 0x2f68 PcaSvc - ok
15:51:47.0937 0x2f68 pccsmcfd - ok
15:51:47.0949 0x2f68 pci - ok
15:51:47.0961 0x2f68 pciide - ok
15:51:47.0968 0x2f68 pcmcia - ok
15:51:47.0982 0x2f68 pcw - ok
15:51:47.0993 0x2f68 pdfcDispatcher - ok
15:51:48.0001 0x2f68 PEAUTH - ok
15:51:48.0016 0x2f68 PerfHost - ok
15:51:48.0046 0x2f68 pla - ok
15:51:48.0057 0x2f68 PlugPlay - ok
15:51:48.0065 0x2f68 PNRPAutoReg - ok
15:51:48.0075 0x2f68 PNRPsvc - ok
15:51:48.0089 0x2f68 PolicyAgent - ok
15:51:48.0109 0x2f68 Power - ok
15:51:48.0116 0x2f68 PptpMiniport - ok
15:51:48.0128 0x2f68 Processor - ok
15:51:48.0138 0x2f68 ProfSvc - ok
15:51:48.0146 0x2f68 ProtectedStorage - ok
15:51:48.0152 0x2f68 Psched - ok
15:51:48.0164 0x2f68 PSI_SVC_2 - ok
15:51:48.0172 0x2f68 PxHlpa64 - ok
15:51:48.0183 0x2f68 ql2300 - ok
15:51:48.0192 0x2f68 ql40xx - ok
15:51:48.0206 0x2f68 QWAVE - ok
15:51:48.0213 0x2f68 QWAVEdrv - ok
15:51:48.0221 0x2f68 RasAcd - ok
15:51:48.0235 0x2f68 RasAgileVpn - ok
15:51:48.0245 0x2f68 RasAuto - ok
15:51:48.0253 0x2f68 Rasl2tp - ok
15:51:48.0264 0x2f68 RasMan - ok
15:51:48.0271 0x2f68 RasPppoe - ok
15:51:48.0283 0x2f68 RasSstp - ok
15:51:48.0292 0x2f68 rdbss - ok
15:51:48.0299 0x2f68 rdpbus - ok
15:51:48.0310 0x2f68 RDPCDD - ok
15:51:48.0321 0x2f68 RDPENCDD - ok
15:51:48.0340 0x2f68 RDPREFMP - ok
15:51:48.0355 0x2f68 RDPWD - ok
15:51:48.0366 0x2f68 rdyboost - ok
15:51:48.0379 0x2f68 RemoteAccess - ok
15:51:48.0398 0x2f68 RemoteRegistry - ok
15:51:48.0409 0x2f68 RFCOMM - ok
15:51:48.0414 0x2f68 RpcEptMapper - ok
15:51:48.0422 0x2f68 RpcLocator - ok
15:51:48.0434 0x2f68 RpcSs - ok
15:51:48.0447 0x2f68 rspndr - ok
15:51:48.0455 0x2f68 RTL8167 - ok
15:51:48.0466 0x2f68 rtsuvc - ok
15:51:48.0477 0x2f68 SamSs - ok
15:51:48.0487 0x2f68 sbp2port - ok
15:51:48.0496 0x2f68 SCardSvr - ok
15:51:48.0507 0x2f68 scfilter - ok
15:51:48.0517 0x2f68 Schedule - ok
15:51:48.0527 0x2f68 SCPolicySvc - ok
15:51:48.0537 0x2f68 sdbus - ok
15:51:48.0546 0x2f68 SDRSVC - ok
15:51:48.0553 0x2f68 secdrv - ok
15:51:48.0565 0x2f68 seclogon - ok
15:51:48.0576 0x2f68 SENS - ok
15:51:48.0585 0x2f68 SensrSvc - ok
15:51:48.0600 0x2f68 Serenum - ok
15:51:48.0611 0x2f68 Serial - ok
15:51:48.0619 0x2f68 sermouse - ok
15:51:48.0631 0x2f68 ServiceLayer - ok
15:51:48.0661 0x2f68 SessionEnv - ok
15:51:48.0666 0x2f68 sffdisk - ok
15:51:48.0673 0x2f68 sffp_mmc - ok
15:51:48.0689 0x2f68 sffp_sd - ok
15:51:48.0702 0x2f68 sfloppy - ok
15:51:48.0713 0x2f68 SharedAccess - ok
15:51:48.0720 0x2f68 ShellHWDetection - ok
15:51:48.0734 0x2f68 SiSRaid2 - ok
15:51:48.0745 0x2f68 SiSRaid4 - ok
15:51:48.0752 0x2f68 SkypeUpdate - ok
15:51:48.0765 0x2f68 Smb - ok
15:51:48.0785 0x2f68 SNMPTRAP - ok
15:51:48.0795 0x2f68 spldr - ok
15:51:48.0806 0x2f68 Spooler - ok
15:51:48.0815 0x2f68 sppsvc - ok
15:51:48.0823 0x2f68 sppuinotify - ok
15:51:48.0835 0x2f68 SQLWriter - ok
15:51:48.0844 0x2f68 srv - ok
15:51:48.0852 0x2f68 srv2 - ok
15:51:48.0862 0x2f68 srvnet - ok
15:51:48.0877 0x2f68 SSDPSRV - ok
15:51:48.0888 0x2f68 SstpSvc - ok
15:51:48.0901 0x2f68 ss_bus - ok
15:51:48.0912 0x2f68 ss_mdfl - ok
15:51:48.0917 0x2f68 ss_mdm - ok
15:51:48.0927 0x2f68 STacSV - ok
15:51:48.0936 0x2f68 stexstor - ok
15:51:48.0948 0x2f68 STHDA - ok
15:51:48.0963 0x2f68 stisvc - ok
15:51:48.0978 0x2f68 stllssvr - ok
15:51:48.0992 0x2f68 swenum - ok
15:51:49.0006 0x2f68 SwitchBoard - ok
15:51:49.0017 0x2f68 swprv - ok
15:51:49.0028 0x2f68 SynTP - ok
15:51:49.0038 0x2f68 SysMain - ok
15:51:49.0048 0x2f68 TabletInputService - ok
15:51:49.0058 0x2f68 TapiSrv - ok
15:51:49.0069 0x2f68 TBS - ok
15:51:49.0081 0x2f68 Tcpip - ok
15:51:49.0089 0x2f68 TCPIP6 - ok
15:51:49.0104 0x2f68 tcpipreg - ok
15:51:49.0117 0x2f68 TDPIPE - ok
15:51:49.0126 0x2f68 TDTCP - ok
15:51:49.0137 0x2f68 tdx - ok
15:51:49.0153 0x2f68 Te.Service - ok
15:51:49.0165 0x2f68 TermDD - ok
15:51:49.0172 0x2f68 TermService - ok
15:51:49.0182 0x2f68 Themes - ok
15:51:49.0195 0x2f68 THREADORDER - ok
15:51:49.0203 0x2f68 TPM - ok
15:51:49.0211 0x2f68 TrkWks - ok
15:51:49.0221 0x2f68 truecrypt - ok
15:51:49.0233 0x2f68 TrustedInstaller - ok
15:51:49.0250 0x2f68 tssecsrv - ok
15:51:49.0268 0x2f68 TsUsbFlt - ok
15:51:49.0279 0x2f68 tunnel - ok
15:51:49.0291 0x2f68 uagp35 - ok
15:51:49.0303 0x2f68 udfs - ok
15:51:49.0328 0x2f68 UI0Detect - ok
15:51:49.0338 0x2f68 uliagpkx - ok
15:51:49.0350 0x2f68 umbus - ok
15:51:49.0358 0x2f68 UmPass - ok
15:51:49.0370 0x2f68 upnphost - ok
15:51:49.0386 0x2f68 upperdev - ok
15:51:49.0398 0x2f68 usbaudio - ok
15:51:49.0415 0x2f68 usbccgp - ok
15:51:49.0420 0x2f68 usbcir - ok
15:51:49.0432 0x2f68 usbehci - ok
15:51:49.0445 0x2f68 usbhub - ok
15:51:49.0458 0x2f68 usbohci - ok
15:51:49.0472 0x2f68 usbprint - ok
15:51:49.0483 0x2f68 usbser - ok
15:51:49.0495 0x2f68 UsbserFilt - ok
15:51:49.0506 0x2f68 USBSTOR - ok
15:51:49.0516 0x2f68 usbuhci - ok
15:51:49.0525 0x2f68 usbvideo - ok
15:51:49.0541 0x2f68 UxSms - ok
15:51:49.0555 0x2f68 VaultSvc - ok
15:51:49.0567 0x2f68 VClone - ok
15:51:49.0584 0x2f68 vdrvroot - ok
15:51:49.0600 0x2f68 vds - ok
15:51:49.0607 0x2f68 vga - ok
15:51:49.0617 0x2f68 VgaSave - ok
15:51:49.0633 0x2f68 vhdmp - ok
15:51:49.0643 0x2f68 viaide - ok
15:51:49.0659 0x2f68 volmgr - ok
15:51:49.0667 0x2f68 volmgrx - ok
15:51:49.0673 0x2f68 volsnap - ok
15:51:49.0683 0x2f68 vsmraid - ok
15:51:49.0693 0x2f68 VSPerfDrv110 - ok
15:51:49.0702 0x2f68 VSS - ok
15:51:49.0710 0x2f68 vToolbarUpdater18.1.10 - ok
15:51:49.0722 0x2f68 vwifibus - ok
15:51:49.0734 0x2f68 vwififlt - ok
15:51:49.0747 0x2f68 W32Time - ok
15:51:49.0761 0x2f68 WacomPen - ok
15:51:49.0774 0x2f68 WANARP - ok
15:51:49.0786 0x2f68 Wanarpv6 - ok
15:51:49.0795 0x2f68 WatAdminSvc - ok
15:51:49.0804 0x2f68 wbengine - ok
15:51:49.0814 0x2f68 WbioSrvc - ok
15:51:49.0823 0x2f68 wcncsvc - ok
15:51:49.0835 0x2f68 WcsPlugInService - ok
15:51:49.0855 0x2f68 Wd - ok
15:51:49.0871 0x2f68 Wdf01000 - ok
15:51:49.0889 0x2f68 WdiServiceHost - ok
15:51:49.0896 0x2f68 WdiSystemHost - ok
15:51:49.0905 0x2f68 WebClient - ok
15:51:49.0915 0x2f68 Wecsvc - ok
15:51:49.0922 0x2f68 wercplsupport - ok
15:51:49.0928 0x2f68 WerSvc - ok
15:51:49.0939 0x2f68 WfpLwf - ok
15:51:49.0946 0x2f68 WIMMount - ok
15:51:49.0959 0x2f68 WinDefend - ok
15:51:49.0978 0x2f68 WinHttpAutoProxySvc - ok
15:51:49.0991 0x2f68 Winmgmt - ok
15:51:50.0000 0x2f68 WinRM - ok
15:51:50.0019 0x2f68 WinUsb - ok
15:51:50.0032 0x2f68 Wlansvc - ok
15:51:50.0044 0x2f68 wlidsvc - ok
15:51:50.0054 0x2f68 WmiAcpi - ok
15:51:50.0068 0x2f68 wmiApSrv - ok
15:51:50.0080 0x2f68 WMPNetworkSvc - ok
15:51:50.0091 0x2f68 WPCSvc - ok
15:51:50.0098 0x2f68 WPDBusEnum - ok
15:51:50.0111 0x2f68 ws2ifsl - ok
15:51:50.0127 0x2f68 wscsvc - ok
15:51:50.0137 0x2f68 WSearch - ok
15:51:50.0154 0x2f68 wuauserv - ok
15:51:50.0177 0x2f68 WudfPf - ok
15:51:50.0183 0x2f68 WUDFRd - ok
15:51:50.0198 0x2f68 wudfsvc - ok
15:51:50.0209 0x2f68 WwanSvc - ok
15:51:50.0246 0x2f68 ================ Scan global ===============================
15:51:50.0247 0x2f68 [ Global ] - ok
15:51:50.0253 0x2f68 ================ Scan MBR ==================================
15:51:50.0290 0x2f68 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:51:50.0580 0x2f68 \Device\Harddisk0\DR0 - ok
15:51:50.0580 0x2f68 ================ Scan VBR ==================================
15:51:50.0580 0x2f68 ================ Scan generic autorun ======================
15:51:50.0581 0x2f68 IAAnotif - ok
15:51:50.0585 0x2f68 SynTPEnh - ok
15:51:50.0591 0x2f68 BTMTrayAgent - ok
15:51:50.0595 0x2f68 IgfxTray - ok
15:51:50.0599 0x2f68 HotKeysCmds - ok
15:51:50.0605 0x2f68 Persistence - ok
15:51:50.0609 0x2f68 SmartSoft PDF Printer Agent - ok
15:51:50.0613 0x2f68 SysTrayApp - ok
15:51:50.0616 0x2f68 AdobeAAMUpdater-1.0 - ok
15:51:50.0621 0x2f68 NCPluginUpdater - ok
15:51:50.0625 0x2f68 PDF Complete - ok
15:51:50.0629 0x2f68 WirelessAssistant - ok
15:51:50.0633 0x2f68 NortonOnlineBackup - ok
15:51:50.0639 0x2f68 WinampAgent - ok
15:51:50.0643 0x2f68 VirtualCloneDrive - ok
15:51:50.0646 0x2f68 GrooveMonitor - ok
15:51:50.0650 0x2f68 HTC Sync - ok
15:51:50.0653 0x2f68 PDFPrint - ok
15:51:50.0658 0x2f68 NokiaMServer - ok
15:51:50.0661 0x2f68 SunJavaUpdateSched - ok
15:51:50.0664 0x2f68 ConnectionCenter - ok
15:51:50.0668 0x2f68 QLBController - ok
15:51:50.0673 0x2f68 Nikon Message Center 2 - ok
15:51:50.0677 0x2f68 Adobe Reader Speed Launcher - ok
15:51:50.0678 0x2f68 Adobe ARM - ok
15:51:50.0681 0x2f68 Malwarebytes Anti-Malware (cleanup) - ok
15:51:50.0685 0x2f68 Sidebar - ok
15:51:50.0692 0x2f68 mctadmin - ok
15:51:50.0697 0x2f68 Sidebar - ok
15:51:50.0701 0x2f68 mctadmin - ok
15:51:50.0705 0x2f68 HPAdvisorDock - ok
15:51:50.0712 0x2f68 LightScribe Control Panel - ok
15:51:50.0715 0x2f68 Google Update - ok
15:51:50.0745 0x2f68 AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5577 ), 0x41000 ( enabled : updated )
15:51:50.0749 0x2f68 Win FW state via NFP2: enabled
15:51:53.0609 0x2f68 ============================================================
15:51:53.0609 0x2f68 Scan finished
15:51:53.0609 0x2f68 ============================================================
15:51:53.0623 0x27e8 Detected object count: 0
15:51:53.0624 0x27e8 Actual detected object count: 0

#4 Příspěvek od **altrok** » 29 pro 2014 16:26

Oukej, tak mu zkusime zlehka domluvit.

Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
ukoncete vsechny programy
kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log
Dejte pak novy log FRST.txt, prilozte i Addition.txt (do zipu/raru a do prilohy) - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Kód: Vybrat vše

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[CreateRestorePoint]

:services
bgbjdiu

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
C:\windows\system32\drivers\nhqt.sys

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"IPWsoft"=-
"YpzPack"=-

petran · #5 Příspěvek od **petran** » 29 pro 2014 17:32

OMT jsem ulozila na plochu a stiskla Movelt, ale aplikace se zavrela a zmizela z plochy. Zkousela jsem to vickrat a nekdy aplikace zmizela hned ani se neotevrela.

Na plose se vytvori soubor desktop.ini, ktery obsahuje:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

OMT log se nevytvoril.

Zkousim vytvorit FRST log, ale nevim jak obejit to, ze pri stahovani FRSTLauncheru mi chrome zablokuje stahovani s hlaskou "Soubor FRSTLauncher.exe je skodlivy a prohlizec chrome jej zablokoval". Prohlizec IE nejde spustit.
Dekuju

#6 Příspěvek od **altrok** » 29 pro 2014 17:39

To se dalo cekat

FRSTLauncher tedy nestahujte... postaci mi logy ze samotneho FRST.exe/FRST64.exe (i Addition.txt)

petran · #7 Příspěvek od **petran** » 29 pro 2014 17:54

LOG FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by petra (administrator) on PETRA-HP on 29-12-2014 17:50:13
Running from C:\Users\petra\Desktop
Loaded Profile: petra (Available profiles: petra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\petra\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SmartSoft PDF Printer Agent] => C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe [50560 2011-05-17] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2013-06-21] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2010-01-12] (PDF Complete Inc)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1110360 2010-05-03] (Symantec Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HTC Sync] => C:\Program Files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe [180224 2010-04-16] (FutureDial Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [220552 2011-04-28] (Geek Software GmbH)
HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-12-09] ()
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
Winlogon\Notify\avgwlx64: avgwlx64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [Google Update] => C:\Users\petra\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [] => [X]
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [IPWsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\petra\AppData\Local\ASworks\ndppydljdabngna.dll
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [YpzPack] => regsvr32.exe C:\Users\petra\AppData\Local\YpzPack\Gameshell.dll <===== ATTENTION
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {0e3978c8-be1d-11e2-95e6-70f395a5c5af} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {a6e0cbba-2273-11e0-9a49-1cc1dead56f6} - H:\vs_premium.exe
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {d1051d4a-ca83-11df-a41c-806e6f6e6963} - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Access Gateway.lnk
ShortcutTarget: Citrix Access Gateway.lnk -> C:\Program Files\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://cag.autocont.cz/
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
SearchScopes: HKLM -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKLM-x32 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {4C9CBA0D-2FB5-4A52-B2F2-309B981A6D34} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {737B82B4-4313-442A-B155-9D7CEABE955A} URL = http://search.findwide.com/serp?guid={2 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={92 ... 2014-12-09 09:45:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {A3C94BE3-88E5-49A7-8E8F-4118A4DDA8BD} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {C6C13DEC-BE6A-4253-B87E-5B76BA964E8C} URL = http://search.findwide.com/rt?guid={5E1 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {C7CD73CA-3327-4E63-911E-C23C78A3C332} URL = http://search.yahoo.com/search?p={searc ... type=10809
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> No Name - {F533918A-A8C5-4CB0-B704-1CDF6E16E34A} - No File
Toolbar: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> No Name - {7BF9DE01-F60A-41F0-B158-ACF52E5F99B8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Citrix.com/npagee64,version=10.1.123.9 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @Citrix.com/npagee,version=10.1.123.9 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1537954393-1589409457-3668467252-1002: @tools.google.com/Google Update;version=3 -> C:\Users\petra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1537954393-1589409457-3668467252-1002: @tools.google.com/Google Update;version=9 -> C:\Users\petra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\petra\AppData\Roaming\mozilla\plugins\npagee.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\petra\AppData\Roaming\mozilla\plugins\npagee64.dll (Citrix Systems, Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-07-03]

Chrome:
=======
CHR HomePage: Default -> https://www.seznam.cz/?clid=22668
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (AVG Secure Search) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-12-09]
CHR Extension: (VyhledÃƒÆ’Ã‚Â¡vÃƒÆ’Ã‚Â¡nÃƒÆ’Ã‚Â Google) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Skype Click to Call) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2010-12-27]
CHR Extension: (PenÃƒâ€žÃ¢â‚¬ÂºÃƒâ€¦Ã‚Â¾enka Google) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
CHR StartMenuInternet: Google Chrome - C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2010-09-27] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2010-09-27] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-03] (Symantec Corporation)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [157744 2014-01-10] (Citrix Systems, Inc)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-12-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-12-09] (AVG Technologies)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [102160 2013-04-01] (Citrix Systems, Inc.)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [46640 2014-01-10] (Citrix Systems, Inc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [119120 2013-02-20] (Citrix Systems, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [118872 2009-07-30] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 17:50 - 2014-12-29 17:50 - 00032421 _____ () C:\Users\petra\Desktop\FRST.txt
2014-12-29 17:49 - 2014-12-29 17:50 - 00000000 ____D () C:\FRST
2014-12-29 17:29 - 2014-12-29 17:29 - 00112640 _____ (forum.viry.cz) C:\Users\petra\Desktop\Nepotvrzeno 897907.crdownload
2014-12-29 17:27 - 2014-12-29 17:27 - 02123264 _____ (Farbar) C:\Users\petra\Desktop\FRST64 (1).exe
2014-12-29 17:27 - 2014-12-29 17:27 - 00112640 _____ (forum.viry.cz) C:\Users\petra\Desktop\Nepotvrzeno 724053.crdownload
2014-12-29 17:20 - 2014-12-29 17:20 - 00522240 _____ (OldTimer Tools) C:\Users\petra\Documents\OTM (1).exe
2014-12-29 17:17 - 2014-12-29 17:18 - 00522240 _____ (OldTimer Tools) C:\Users\petra\Documents\OTM.exe
2014-12-29 17:12 - 2014-12-29 17:12 - 00000000 ____D () C:\_OTM
2014-12-29 16:11 - 2014-12-29 16:11 - 00000394 _____ () C:\windows\PFRO.log
2014-12-29 16:05 - 2014-12-29 16:05 - 00002020 _____ () C:\Users\petra\Desktop\Windows Compatibility Report.htm
2014-12-29 16:01 - 2014-12-29 17:14 - 00001141 _____ () C:\windows\setupact.log
2014-12-29 16:01 - 2014-12-29 16:15 - 00000000 _____ () C:\windows\setuperr.log
2014-12-29 15:26 - 2014-12-29 15:26 - 00015392 _____ () C:\Users\petra\Documents\cc_20141229_152623.reg
2014-12-28 23:04 - 2014-12-28 23:04 - 00000507 _____ () C:\Users\petra\Desktop\viry.txt
2014-12-28 10:55 - 2014-12-29 17:31 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 10:53 - 2014-12-28 10:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 10:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-28 10:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-28 10:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-28 10:49 - 2014-12-28 10:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\petra\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-28 10:38 - 2014-12-28 10:38 - 00331552 _____ () C:\Users\petra\Documents\zaloha registru.reg
2014-12-28 10:27 - 2014-12-28 10:27 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-12-28 10:27 - 2014-12-28 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-28 10:27 - 2014-12-28 10:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-28 10:26 - 2014-12-28 10:26 - 05317104 _____ (Piriform Ltd) C:\Users\petra\Downloads\ccsetup501.exe
2014-12-28 10:20 - 2014-12-28 23:06 - 00000000 ____D () C:\Program Files\trend micro
2014-12-28 10:20 - 2014-12-28 10:21 - 00000000 ____D () C:\rsit
2014-12-28 10:20 - 2014-12-28 10:20 - 01222144 _____ () C:\Users\petra\Downloads\RSITx64.exe
2014-12-27 20:02 - 2014-12-27 20:02 - 00001715 _____ () C:\Users\petra\Desktop\Computer.lnk
2014-12-27 20:02 - 2014-12-27 20:02 - 00000288 _____ () C:\Users\petra\AppData\Roaming\4E90F1F3.reg
2014-12-26 23:04 - 2014-12-26 23:04 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (3).application
2014-12-26 23:04 - 2014-12-26 23:04 - 00000370 _____ () C:\Users\petra\Desktop\eTesty - klient (ACV).appref-ms
2014-12-26 23:04 - 2014-12-26 23:04 - 00000000 ____D () C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstvo dopravy
2014-12-26 23:03 - 2014-12-26 23:03 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (2).application
2014-12-26 11:45 - 2014-12-29 17:12 - 00066752 _____ () C:\windows\SysWOW64\debug.log
2014-12-26 11:45 - 2014-12-29 16:34 - 00004268 _____ () C:\Users\petra\Desktop\Soubor Windows Compatibility Report.htm
2014-12-26 11:37 - 2014-12-29 17:12 - 00002544 _____ () C:\windows\diagwrn.xml
2014-12-26 11:37 - 2014-12-29 17:12 - 00001890 _____ () C:\windows\diagerr.xml
2014-12-26 08:17 - 2014-12-26 08:17 - 00003126 _____ () C:\windows\System32\Tasks\{4547B2DF-65D8-4CDB-A59A-46A2937A7846}
2014-12-25 19:56 - 2014-12-25 19:56 - 00033052 _____ () C:\Users\petra\Downloads\American Sniper 2014 (3).torrent
2014-12-25 19:55 - 2014-12-25 19:55 - 00033052 _____ () C:\Users\petra\Downloads\American Sniper 2014 (2).torrent
2014-12-25 19:49 - 2014-12-25 19:49 - 00033052 _____ () C:\Users\petra\Downloads\American Sniper 2014 (1).torrent
2014-12-25 19:46 - 2014-12-25 19:46 - 00033052 _____ () C:\Users\petra\Downloads\American Sniper 2014.torrent
2014-12-25 19:20 - 2014-12-28 09:35 - 00000000 ____D () C:\Users\petra\AppData\Local\ASworks
2014-12-25 19:20 - 2014-12-25 19:21 - 00000000 ____D () C:\Users\petra\AppData\Local\YpzPack
2014-12-25 19:20 - 2014-12-25 19:20 - 00003168 _____ () C:\windows\System32\Tasks\{7B408AEB-899A-4423-9E17-445B83D59666}
2014-12-25 16:48 - 2014-12-25 16:49 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV.application
2014-12-20 22:06 - 2014-12-20 22:06 - 04085248 _____ () C:\Users\petra\Desktop\teorie_treninku_strelby_zacatecniku.ppt
2014-12-18 06:13 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 06:13 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-17 12:41 - 2014-12-17 12:41 - 00413005 _____ () C:\Users\petra\Desktop\MD_eKom_ UAT_171204 MD.xlsx
2014-12-14 14:32 - 2014-12-14 14:32 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (1).application
2014-12-10 06:34 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:34 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 06:34 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 06:34 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:33 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 06:33 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 06:33 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 06:33 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 06:33 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 06:33 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 06:33 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 06:33 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 06:33 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 06:33 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 06:33 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 06:33 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 06:33 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 06:33 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 06:33 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 06:33 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 06:33 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:33 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 06:33 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 06:33 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 06:33 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:33 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 06:33 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 06:33 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 06:33 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 06:33 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 06:33 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:33 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 06:33 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 06:33 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 06:33 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 06:33 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 06:33 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 06:33 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 06:33 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 06:33 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 06:33 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 06:33 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:33 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 06:33 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 06:33 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 06:33 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 06:33 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 06:33 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 06:33 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 06:33 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:33 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 06:33 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 06:33 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 06:33 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 06:33 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 06:33 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-09 09:45 - 2014-12-09 19:51 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-12-09 09:45 - 2014-12-09 13:45 - 00000000 ____D () C:\Users\petra\AppData\Local\AVG Web TuneUp
2014-12-09 09:45 - 2014-12-09 09:45 - 00050976 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-12-08 22:41 - 2014-12-08 22:41 - 00000000 ____D () C:\Users\petra\Záznamy aplikace Lync
2014-12-08 20:10 - 2014-12-08 20:10 - 00000000 ____D () C:\Users\petra\AppData\Roaming\AVG2015
2014-12-08 20:09 - 2014-12-08 20:09 - 00000000 ____D () C:\Users\petra\AppData\Roaming\TuneUp Software
2014-12-08 20:09 - 2014-12-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-08 20:07 - 2014-12-28 10:02 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-08 20:07 - 2014-12-08 20:07 - 00000000 ___HD () C:\$AVG
2014-12-08 20:06 - 2014-12-08 20:06 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-08 19:15 - 2014-12-29 09:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-08 19:15 - 2014-12-09 09:36 - 00000000 ____D () C:\Users\petra\AppData\Local\Avg2015
2014-12-08 19:15 - 2014-12-08 19:15 - 00000000 ____D () C:\Users\petra\AppData\Local\MFAData
2014-12-08 18:42 - 2014-12-08 18:42 - 04578048 _____ (AVG Technologies) C:\Users\petra\Downloads\avg_free_stb_all_2015_5315_ppc2.exe
2014-12-06 07:44 - 2014-12-06 07:47 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2012
2014-12-06 07:44 - 2014-12-06 07:47 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2012
2014-12-05 13:58 - 2014-12-05 13:58 - 00000045 _____ () C:\Users\petra\Documents\2014_12.txt
2014-12-05 02:04 - 2014-12-25 18:49 - 00000000 ____D () C:\Users\petra\Documents\Visual Studio 2012
2014-12-05 02:01 - 2014-12-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2014-12-05 02:01 - 2014-12-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-12-05 01:59 - 2014-12-05 01:59 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-12-05 01:59 - 2014-12-05 01:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\Program Files\Application Verifier
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-12-05 01:57 - 2014-12-05 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-12-05 01:57 - 2014-12-05 01:57 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-12-05 01:54 - 2014-12-05 01:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-05 01:53 - 2014-12-05 01:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2014-12-05 01:53 - 2014-12-05 01:53 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-12-05 01:52 - 2014-12-05 01:53 - 00000000 ____D () C:\Program Files\IIS Express
2014-12-05 01:52 - 2014-12-05 01:53 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-12-05 01:52 - 2014-12-05 01:52 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-12-05 01:52 - 2014-12-05 01:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2014-12-05 01:50 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-12-05 01:49 - 2014-12-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-12-05 01:44 - 2014-12-05 01:44 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2014-12-05 01:43 - 2014-12-05 01:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2014-12-05 01:41 - 2014-12-05 02:00 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-05 01:41 - 2014-12-05 02:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-05 01:41 - 2014-12-05 01:47 - 00000000 ____D () C:\windows\SysWOW64\1033
2014-12-05 01:36 - 2014-12-05 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2014-12-05 01:36 - 2014-12-05 02:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-12-05 01:36 - 2014-12-05 02:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-12-05 01:36 - 2014-12-05 01:41 - 00000000 ____D () C:\windows\system32\1033
2014-12-05 01:36 - 2014-12-05 01:36 - 00000000 ____D () C:\windows\symbols
2014-12-05 01:36 - 2014-12-05 01:36 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0
2014-12-05 01:17 - 2014-12-18 05:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-04 23:47 - 2014-12-04 23:47 - 00777835 _____ () C:\Users\petra\Downloads\test
2014-12-04 20:52 - 2014-12-04 20:52 - 00003264 _____ () C:\windows\System32\Tasks\{74AE9AB3-119A-4DD3-BCCA-0B26A6AAED42}
2014-12-04 20:37 - 2014-12-04 20:37 - 00000894 _____ () C:\Users\petra\Downloads\AutoContCA2 (1).crt
2014-12-04 20:37 - 2014-12-04 20:37 - 00000890 _____ () C:\Users\petra\Downloads\AutoContCA (1).crt
2014-12-04 20:36 - 2014-12-04 20:36 - 00000890 _____ () C:\Users\petra\Downloads\cacert (1).crt
2014-12-04 13:51 - 2014-12-04 13:51 - 00000000 ____D () C:\ProgramData\Applications
2014-12-04 13:50 - 2014-12-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2014-12-04 13:50 - 2014-12-28 13:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Lync
2014-12-04 13:50 - 2014-12-06 07:57 - 00000000 ____D () C:\Program Files\Microsoft Lync
2014-12-04 13:49 - 2014-12-28 11:49 - 00000000 ____D () C:\Users\petra\Tracing
2014-12-04 13:49 - 2014-12-04 13:49 - 00000000 ____D () C:\Program Files (x86)\OCSetup
2014-11-30 20:28 - 2014-11-30 20:28 - 00248320 _____ () C:\Users\petra\Downloads\14E5.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 17:33 - 2010-12-15 22:23 - 00000962 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002UA.job
2014-12-29 17:21 - 2009-07-14 05:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 17:21 - 2009-07-14 05:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 17:18 - 2010-09-27 23:17 - 01118374 _____ () C:\windows\WindowsUpdate.log
2014-12-29 17:14 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-29 17:07 - 2014-03-05 14:21 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 14:19 - 2010-09-09 22:18 - 00672408 _____ () C:\windows\system32\perfh005.dat
2014-12-29 14:19 - 2010-09-09 22:18 - 00142972 _____ () C:\windows\system32\perfc005.dat
2014-12-29 14:19 - 2009-07-14 06:13 - 01593238 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-29 10:08 - 2014-11-20 16:52 - 01611202 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-12-29 09:33 - 2010-12-15 22:23 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002Core.job
2014-12-28 22:28 - 2013-07-11 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-12-28 22:12 - 2011-01-31 20:43 - 00000000 ____D () C:\Users\petra\AppData\Local\Downloaded Installations
2014-12-28 15:02 - 2010-12-15 22:22 - 00000000 ____D () C:\Users\petra\AppData\Local\Deployment
2014-12-28 11:41 - 2014-02-28 16:31 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForpetra.job
2014-12-28 10:34 - 2011-05-31 20:29 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-12-28 10:34 - 2010-12-28 20:53 - 00000000 ____D () C:\Users\petra\AppData\Roaming\Media Player Classic
2014-12-28 10:34 - 2010-12-19 15:39 - 00000000 ____D () C:\Users\petra\AppData\Roaming\uTorrent
2014-12-28 10:30 - 2009-07-27 16:04 - 00000000 ____D () C:\windows\Panther
2014-12-28 05:25 - 2010-09-09 22:23 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-27 09:40 - 2010-12-27 20:58 - 00000000 ____D () C:\Users\petra\.gimp-2.6
2014-12-26 17:02 - 2014-02-28 16:31 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForpetra
2014-12-26 17:02 - 2011-10-28 19:20 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-26 17:02 - 2010-12-17 17:29 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-16 17:26 - 2012-08-28 20:31 - 00047616 _____ () C:\Users\petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-12 18:06 - 2010-12-16 04:57 - 00000000 ____D () C:\windows\rescache
2014-12-12 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-12 16:36 - 2011-01-17 21:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 16:34 - 2013-08-15 07:13 - 00000000 ____D () C:\windows\system32\MRT
2014-12-12 16:18 - 2010-12-19 16:13 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-09 20:07 - 2014-03-05 14:21 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 20:07 - 2014-03-05 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 20:07 - 2014-03-05 14:21 - 00003852 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 18:54 - 2009-07-14 06:08 - 00032532 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-08 22:41 - 2010-12-15 21:07 - 00000000 ____D () C:\Users\petra
2014-12-07 18:29 - 2010-12-18 23:00 - 00000000 ____D () C:\Users\petra\AppData\Roaming\vlc
2014-12-06 08:38 - 2009-07-14 05:45 - 04971336 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-06 07:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-05 19:36 - 2014-09-17 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-12-05 01:56 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-05 01:54 - 2010-12-15 21:23 - 00110440 _____ () C:\Users\petra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 01:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 11:09

==================== End Of Log ============================

#8 Příspěvek od **altrok** » 29 pro 2014 18:31

Zkuste krok s OTM udelat v nouzovem rezimu.

petran · #9 Příspěvek od **petran** » 29 pro 2014 19:40

OTM log z nouzoveho rezimu

All processes killed
Error: Unable to interpret <Kód:> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: petra
->Temp folder emptied: 1107500 bytes
->Temporary Internet Files folder emptied: 519202 bytes
->Java cache emptied: 1837557 bytes
->Google Chrome cache emptied: 286992500 bytes
->Flash cache emptied: 830 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10470060 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46384819 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 331.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: petra
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: petra
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Error creating restore point.
========== SERVICES/DRIVERS ==========
Error: No service named bgbjdiu was found to stop!
Service\Driver key bgbjdiu not found.
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46D3.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4901.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5688.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C58.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9DF3.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD39.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF739.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFF09.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2232.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2D18.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP35A0.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP41EF.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4DB2.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP516C.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP672C.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP7513.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8AE0.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9491.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9C10.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP9DB5.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA8AF.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC0E2.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCC46.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCEF2.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE081.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE744.tmp folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEF76.tmp folder moved successfully.
C:\windows\Installer\MSI4640.tmp moved successfully.
C:\windows\Installer\MSI6722.tmp- folder moved successfully.
C:\windows\Installer\MSI692C.tmp moved successfully.
C:\windows\Installer\MSI833.tmp- folder moved successfully.
C:\windows\Installer\MSID400.tmp- folder moved successfully.
C:\windows\Installer\MSIE003.tmp- folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk moved successfully.
File/Folder C:\windows\system32\drivers\nhqt.sys not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IPWsoft deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YpzPack deleted successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 12292014_192359

petran · #10 Příspěvek od **petran** » 29 pro 2014 19:45

Jeste novy FRST log
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by petra (administrator) on PETRA-HP on 29-12-2014 19:41:39
Running from C:\Users\petra\Desktop
Loaded Profile: petra (Available profiles: petra)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsverctl.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5743.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Citrix Systems, Inc) C:\Program Files\Citrix\Secure Access Client\nsload.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(FutureDial Inc.) C:\Program Files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Nokia) C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\petra\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SmartSoft PDF Printer Agent] => C:\Program Files\Smart PDF Creator\SmartSoft PDF Printer Agent.exe [50560 2011-05-17] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2013-06-21] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2010-01-12] (PDF Complete Inc)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1110360 2010-05-03] (Symantec Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HTC Sync] => C:\Program Files (x86)\HTC\HTC Sync for BrewMP\AutoDetect.exe [180224 2010-04-16] (FutureDial Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [220552 2011-04-28] (Geek Software GmbH)
HKLM-x32\...\Run: [NokiaMServer] => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [256056 2010-10-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-12-09] ()
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
Winlogon\Notify\avgwlx64: avgwlx64.dll [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [Google Update] => C:\Users\petra\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [YpzPack] => regsvr32.exe C:\Users\petra\AppData\Local\YpzPack\NativeUtilSnap.dll <===== ATTENTION
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\Run: [IPWsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\petra\AppData\Local\ASworks\AclWan.dll
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {0e3978c8-be1d-11e2-95e6-70f395a5c5af} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\...\MountPoints2: {a6e0cbba-2273-11e0-9a49-1cc1dead56f6} - H:\vs_premium.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Access Gateway.lnk
ShortcutTarget: Citrix Access Gateway.lnk -> C:\Program Files\Citrix\Secure Access Client\nsload.exe (Citrix Systems, Inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://cag.autocont.cz/
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKU\S-1-5-21-1537954393-1589409457-3668467252-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
SearchScopes: HKLM -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKLM-x32 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {4C9CBA0D-2FB5-4A52-B2F2-309B981A6D34} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {737B82B4-4313-442A-B155-9D7CEABE955A} URL = http://search.findwide.com/serp?guid={2 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={92 ... 2014-12-09 09:45:25&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {A3C94BE3-88E5-49A7-8E8F-4118A4DDA8BD} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {C6C13DEC-BE6A-4253-B87E-5B76BA964E8C} URL = http://search.findwide.com/rt?guid={5E1 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {C7CD73CA-3327-4E63-911E-C23C78A3C332} URL = http://search.yahoo.com/search?p={searc ... type=10809
SearchScopes: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> {EFD90A5C-C40F-45D9-92AB-A3DAE671237A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> No Name - {F533918A-A8C5-4CB0-B704-1CDF6E16E34A} - No File
Toolbar: HKU\S-1-5-21-1537954393-1589409457-3668467252-1002 -> No Name - {7BF9DE01-F60A-41F0-B158-ACF52E5F99B8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Citrix.com/npagee64,version=10.1.123.9 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @Citrix.com/npagee,version=10.1.123.9 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1537954393-1589409457-3668467252-1002: @tools.google.com/Google Update;version=3 -> C:\Users\petra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1537954393-1589409457-3668467252-1002: @tools.google.com/Google Update;version=9 -> C:\Users\petra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\petra\AppData\Roaming\mozilla\plugins\npagee.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\petra\AppData\Roaming\mozilla\plugins\npagee64.dll (Citrix Systems, Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-07-03]

Chrome:
=======
CHR HomePage: Default -> https://www.seznam.cz/?clid=22668
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (AVG Secure Search) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2014-12-09]
CHR Extension: (VyhledÃƒÆ’Ã‚Â¡vÃƒÆ’Ã‚Â¡nÃƒÆ’Ã‚Â Google) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Skype Click to Call) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2010-12-27]
CHR Extension: (PenÃƒâ€žÃ¢â‚¬ÂºÃƒâ€¦Ã‚Â¾enka Google) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2010-11-22]
CHR StartMenuInternet: Google Chrome - C:\Users\petra\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2010-09-27] (Macrovision Europe Ltd.) [File not signed]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2010-09-27] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-01-22] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2782552 2010-05-03] (Symantec Corporation)
R2 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [157744 2014-01-10] (Citrix Systems, Inc)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-12-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-12-09] (AVG Technologies)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [42496 2010-05-20] (Motorola, Inc.)
S3 BTMNET; C:\Windows\System32\DRIVERS\btmnet.sys [28672 2010-06-18] (Motorola, Inc.)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [102160 2013-04-01] (Citrix Systems, Inc.)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [46640 2014-01-10] (Citrix Systems, Inc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [119120 2013-02-20] (Citrix Systems, Inc.)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [118872 2009-07-30] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 19:41 - 2014-12-29 19:42 - 00033123 _____ () C:\Users\petra\Desktop\FRST.txt
2014-12-29 19:23 - 2014-12-29 19:23 - 00522240 _____ (OldTimer Tools) C:\Users\petra\Desktop\OTM.exe
2014-12-29 19:01 - 2014-12-29 19:01 - 00000901 _____ () C:\Users\petra\Desktop\viry co delat.txt
2014-12-29 17:49 - 2014-12-29 19:41 - 00000000 ____D () C:\FRST
2014-12-29 17:27 - 2014-12-29 17:27 - 02123264 _____ (Farbar) C:\Users\petra\Desktop\FRST64 (1).exe
2014-12-29 17:20 - 2014-12-29 17:20 - 00522240 _____ (OldTimer Tools) C:\Users\petra\Documents\OTM (1).exe
2014-12-29 17:17 - 2014-12-29 17:18 - 00522240 _____ (OldTimer Tools) C:\Users\petra\Documents\OTM.exe
2014-12-29 17:12 - 2014-12-29 17:12 - 00000000 ____D () C:\_OTM
2014-12-29 16:11 - 2014-12-29 16:11 - 00000394 _____ () C:\windows\PFRO.log
2014-12-29 16:05 - 2014-12-29 16:05 - 00002020 _____ () C:\Users\petra\Desktop\Windows Compatibility Report.htm
2014-12-29 16:01 - 2014-12-29 19:32 - 00001029 _____ () C:\windows\setupact.log
2014-12-29 16:01 - 2014-12-29 18:59 - 00000000 _____ () C:\windows\setuperr.log
2014-12-29 15:26 - 2014-12-29 15:26 - 00015392 _____ () C:\Users\petra\Documents\cc_20141229_152623.reg
2014-12-28 23:04 - 2014-12-28 23:04 - 00000507 _____ () C:\Users\petra\Desktop\viry.txt
2014-12-28 10:55 - 2014-12-29 19:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-28 10:53 - 2014-12-28 10:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-28 10:53 - 2014-12-28 10:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-28 10:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-28 10:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-28 10:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-28 10:49 - 2014-12-28 10:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\petra\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-28 10:38 - 2014-12-28 10:38 - 00331552 _____ () C:\Users\petra\Documents\zaloha registru.reg
2014-12-28 10:27 - 2014-12-28 10:27 - 00002772 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-12-28 10:27 - 2014-12-28 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-28 10:27 - 2014-12-28 10:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-28 10:26 - 2014-12-28 10:26 - 05317104 _____ (Piriform Ltd) C:\Users\petra\Downloads\ccsetup501.exe
2014-12-28 10:20 - 2014-12-28 23:06 - 00000000 ____D () C:\Program Files\trend micro
2014-12-28 10:20 - 2014-12-28 10:21 - 00000000 ____D () C:\rsit
2014-12-28 10:20 - 2014-12-28 10:20 - 01222144 _____ () C:\Users\petra\Downloads\RSITx64.exe
2014-12-27 20:02 - 2014-12-27 20:02 - 00001715 _____ () C:\Users\petra\Desktop\Computer.lnk
2014-12-27 20:02 - 2014-12-27 20:02 - 00000288 _____ () C:\Users\petra\AppData\Roaming\4E90F1F3.reg
2014-12-26 23:04 - 2014-12-26 23:04 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (3).application
2014-12-26 23:04 - 2014-12-26 23:04 - 00000370 _____ () C:\Users\petra\Desktop\eTesty - klient (ACV).appref-ms
2014-12-26 23:04 - 2014-12-26 23:04 - 00000000 ____D () C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ministerstvo dopravy
2014-12-26 23:03 - 2014-12-26 23:03 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (2).application
2014-12-26 11:45 - 2014-12-29 17:12 - 00066752 _____ () C:\windows\SysWOW64\debug.log
2014-12-26 11:45 - 2014-12-29 16:34 - 00004268 _____ () C:\Users\petra\Desktop\Soubor Windows Compatibility Report.htm
2014-12-26 11:37 - 2014-12-29 18:59 - 00002544 _____ () C:\windows\diagwrn.xml
2014-12-26 11:37 - 2014-12-29 18:59 - 00001890 _____ () C:\windows\diagerr.xml
2014-12-26 08:17 - 2014-12-26 08:17 - 00003126 _____ () C:\windows\System32\Tasks\{4547B2DF-65D8-4CDB-A59A-46A2937A7846}
2014-12-25 19:20 - 2014-12-29 19:39 - 00000000 ____D () C:\Users\petra\AppData\Local\ASworks
2014-12-25 19:20 - 2014-12-29 19:37 - 00000000 ____D () C:\Users\petra\AppData\Local\YpzPack
2014-12-25 19:20 - 2014-12-25 19:20 - 00003168 _____ () C:\windows\System32\Tasks\{7B408AEB-899A-4423-9E17-445B83D59666}
2014-12-25 16:48 - 2014-12-25 16:49 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV.application
2014-12-20 22:06 - 2014-12-20 22:06 - 04085248 _____ () C:\Users\petra\Desktop\teorie_treninku_strelby_zacatecniku.ppt
2014-12-18 06:13 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 06:13 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-17 12:41 - 2014-12-17 12:41 - 00413005 _____ () C:\Users\petra\Desktop\MD_eKom_ UAT_171204 MD.xlsx
2014-12-14 14:32 - 2014-12-14 14:32 - 00002146 _____ () C:\Users\petra\Downloads\eKomunikace.ClientACV (1).application
2014-12-10 06:34 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:34 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 06:34 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 06:34 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:33 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 06:33 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 06:33 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 06:33 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 06:33 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 06:33 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 06:33 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 06:33 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 06:33 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 06:33 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 06:33 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 06:33 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 06:33 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 06:33 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 06:33 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 06:33 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 06:33 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:33 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 06:33 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 06:33 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 06:33 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:33 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 06:33 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 06:33 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 06:33 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 06:33 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 06:33 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:33 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 06:33 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 06:33 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 06:33 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 06:33 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 06:33 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 06:33 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 06:33 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 06:33 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 06:33 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 06:33 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:33 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 06:33 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 06:33 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 06:33 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 06:33 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 06:33 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 06:33 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 06:33 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:33 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 06:33 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 06:33 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 06:33 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 06:33 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 06:33 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-09 09:45 - 2014-12-09 19:51 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-12-09 09:45 - 2014-12-09 13:45 - 00000000 ____D () C:\Users\petra\AppData\Local\AVG Web TuneUp
2014-12-09 09:45 - 2014-12-09 09:45 - 00050976 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-12-08 22:41 - 2014-12-08 22:41 - 00000000 ____D () C:\Users\petra\Záznamy aplikace Lync
2014-12-08 20:10 - 2014-12-08 20:10 - 00000000 ____D () C:\Users\petra\AppData\Roaming\AVG2015
2014-12-08 20:09 - 2014-12-08 20:09 - 00000000 ____D () C:\Users\petra\AppData\Roaming\TuneUp Software
2014-12-08 20:09 - 2014-12-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-08 20:07 - 2014-12-28 10:02 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-08 20:07 - 2014-12-08 20:07 - 00000000 ___HD () C:\$AVG
2014-12-08 20:06 - 2014-12-08 20:06 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-08 19:15 - 2014-12-29 09:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-08 19:15 - 2014-12-09 09:36 - 00000000 ____D () C:\Users\petra\AppData\Local\Avg2015
2014-12-08 19:15 - 2014-12-08 19:15 - 00000000 ____D () C:\Users\petra\AppData\Local\MFAData
2014-12-08 18:42 - 2014-12-08 18:42 - 04578048 _____ (AVG Technologies) C:\Users\petra\Downloads\avg_free_stb_all_2015_5315_ppc2.exe
2014-12-06 07:44 - 2014-12-06 07:47 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2012
2014-12-06 07:44 - 2014-12-06 07:47 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2012
2014-12-05 13:58 - 2014-12-05 13:58 - 00000045 _____ () C:\Users\petra\Documents\2014_12.txt
2014-12-05 02:04 - 2014-12-25 18:49 - 00000000 ____D () C:\Users\petra\Documents\Visual Studio 2012
2014-12-05 02:01 - 2014-12-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2014-12-05 02:01 - 2014-12-05 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2014-12-05 01:59 - 2014-12-05 01:59 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-12-05 01:59 - 2014-12-05 01:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\Program Files\Application Verifier
2014-12-05 01:58 - 2014-12-05 01:58 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-12-05 01:57 - 2014-12-05 01:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-12-05 01:57 - 2014-12-05 01:57 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2014-12-05 01:54 - 2014-12-05 01:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-05 01:53 - 2014-12-05 01:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2014-12-05 01:53 - 2014-12-05 01:53 - 00002019 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2014-12-05 01:52 - 2014-12-05 01:53 - 00000000 ____D () C:\Program Files\IIS Express
2014-12-05 01:52 - 2014-12-05 01:53 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2014-12-05 01:52 - 2014-12-05 01:52 - 00000000 ____D () C:\Program Files (x86)\NuGet
2014-12-05 01:52 - 2014-12-05 01:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2014-12-05 01:50 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-12-05 01:49 - 2014-12-05 01:49 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-12-05 01:44 - 2014-12-05 01:44 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2014-12-05 01:43 - 2014-12-05 01:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2014-12-05 01:41 - 2014-12-05 02:00 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-05 01:41 - 2014-12-05 02:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-05 01:41 - 2014-12-05 01:47 - 00000000 ____D () C:\windows\SysWOW64\1033
2014-12-05 01:36 - 2014-12-05 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2014-12-05 01:36 - 2014-12-05 02:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2014-12-05 01:36 - 2014-12-05 02:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-12-05 01:36 - 2014-12-05 01:41 - 00000000 ____D () C:\windows\system32\1033
2014-12-05 01:36 - 2014-12-05 01:36 - 00000000 ____D () C:\windows\symbols
2014-12-05 01:36 - 2014-12-05 01:36 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0
2014-12-05 01:17 - 2014-12-18 05:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-04 23:47 - 2014-12-04 23:47 - 00777835 _____ () C:\Users\petra\Downloads\test
2014-12-04 20:52 - 2014-12-04 20:52 - 00003264 _____ () C:\windows\System32\Tasks\{74AE9AB3-119A-4DD3-BCCA-0B26A6AAED42}
2014-12-04 20:37 - 2014-12-04 20:37 - 00000894 _____ () C:\Users\petra\Downloads\AutoContCA2 (1).crt
2014-12-04 20:37 - 2014-12-04 20:37 - 00000890 _____ () C:\Users\petra\Downloads\AutoContCA (1).crt
2014-12-04 20:36 - 2014-12-04 20:36 - 00000890 _____ () C:\Users\petra\Downloads\cacert (1).crt
2014-12-04 13:51 - 2014-12-04 13:51 - 00000000 ____D () C:\ProgramData\Applications
2014-12-04 13:50 - 2014-12-28 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2014-12-04 13:50 - 2014-12-28 13:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Lync
2014-12-04 13:50 - 2014-12-06 07:57 - 00000000 ____D () C:\Program Files\Microsoft Lync
2014-12-04 13:49 - 2014-12-29 19:37 - 00000000 ____D () C:\Users\petra\Tracing
2014-12-04 13:49 - 2014-12-04 13:49 - 00000000 ____D () C:\Program Files (x86)\OCSetup
2014-11-30 20:28 - 2014-11-30 20:28 - 00248320 _____ () C:\Users\petra\Downloads\14E5.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-29 19:39 - 2009-07-14 05:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 19:39 - 2009-07-14 05:45 - 00019760 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 19:37 - 2010-09-27 23:17 - 01123593 _____ () C:\windows\WindowsUpdate.log
2014-12-29 19:33 - 2010-12-15 22:23 - 00000962 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002UA.job
2014-12-29 19:32 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-29 18:07 - 2014-03-05 14:21 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-29 14:19 - 2010-09-09 22:18 - 00672408 _____ () C:\windows\system32\perfh005.dat
2014-12-29 14:19 - 2010-09-09 22:18 - 00142972 _____ () C:\windows\system32\perfc005.dat
2014-12-29 14:19 - 2009-07-14 06:13 - 01593238 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-29 10:08 - 2014-11-20 16:52 - 01611202 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-12-29 09:33 - 2010-12-15 22:23 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1537954393-1589409457-3668467252-1002Core.job
2014-12-28 22:28 - 2013-07-11 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
2014-12-28 22:12 - 2011-01-31 20:43 - 00000000 ____D () C:\Users\petra\AppData\Local\Downloaded Installations
2014-12-28 15:02 - 2010-12-15 22:22 - 00000000 ____D () C:\Users\petra\AppData\Local\Deployment
2014-12-28 11:41 - 2014-02-28 16:31 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForpetra.job
2014-12-28 10:34 - 2011-05-31 20:29 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-12-28 10:34 - 2010-12-28 20:53 - 00000000 ____D () C:\Users\petra\AppData\Roaming\Media Player Classic
2014-12-28 10:34 - 2010-12-19 15:39 - 00000000 ____D () C:\Users\petra\AppData\Roaming\uTorrent
2014-12-28 10:30 - 2009-07-27 16:04 - 00000000 ____D () C:\windows\Panther
2014-12-28 05:25 - 2010-09-09 22:23 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-27 09:40 - 2010-12-27 20:58 - 00000000 ____D () C:\Users\petra\.gimp-2.6
2014-12-26 17:02 - 2014-02-28 16:31 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForpetra
2014-12-26 17:02 - 2011-10-28 19:20 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-26 17:02 - 2010-12-17 17:29 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-12-16 17:26 - 2012-08-28 20:31 - 00047616 _____ () C:\Users\petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-12 18:06 - 2010-12-16 04:57 - 00000000 ____D () C:\windows\rescache
2014-12-12 16:53 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-12 16:36 - 2011-01-17 21:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 16:34 - 2013-08-15 07:13 - 00000000 ____D () C:\windows\system32\MRT
2014-12-12 16:18 - 2010-12-19 16:13 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-09 20:07 - 2014-03-05 14:21 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 20:07 - 2014-03-05 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 20:07 - 2014-03-05 14:21 - 00003852 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 18:54 - 2009-07-14 06:08 - 00032532 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-12-08 22:41 - 2010-12-15 21:07 - 00000000 ____D () C:\Users\petra
2014-12-07 18:29 - 2010-12-18 23:00 - 00000000 ____D () C:\Users\petra\AppData\Roaming\vlc
2014-12-06 08:38 - 2009-07-14 05:45 - 04971336 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-06 07:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-05 19:36 - 2014-09-17 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2014-12-05 01:56 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-05 01:54 - 2010-12-15 21:23 - 00110440 _____ () C:\Users\petra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 01:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 11:09

==================== End Of Log ============================

#11 Příspěvek od **altrok** » 29 pro 2014 19:51

Jak moc na to spechate?

Pouzijte utilitu dle navodu kolegy

vyosek píše: Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
Ulozte nejlepe na Plochu a rozbalte

Spustte kliknutim na mbar

Nyni postupne kliknete na Next a Update

Po dokonceni update (aktualizace) databaze kliknete opet na Next

Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC

Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko

Tez zkontrolujte, jetsli je zatrzitko u Create Restore point

Nyni kliknete na CleanUp cimz nalezenou infekci odstranime

PC bude restartovan

Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

petran · #12 Příspěvek od **petran** » 29 pro 2014 20:10

stahla jsem, ale pri kliknuti na mbar se mi objevi chyba Probable rootkit activity detected
viz priloha

mam naistalovany malwarebytes anti-malware

#13 Příspěvek od **altrok** » 29 pro 2014 20:30

tento klic je upraven Citrixem... tzn je OK

Kód: Vybrat vše

AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)

Jeste mi udelejte jeden sken.. postup kolegy Naughtyho

Po stazeni http://www.xuetr.com/download/PCHunter_free.zip
(rezervni odkaz http://www.epoolsoft.com/pchunter/PCHunter_free.zip ),
rozbaleni, spusteni spravne verze dle operacniho systemu 32b vs 64b, prejdi do zalozky Examination, v ni zaskrkej vsechny volby, dej generovat, po skonceni generovani klik na exportovat - textak do raru a vloz do prispevku (neb bude dlouhy a neveesel by se).

petran · #14 Příspěvek od **petran** » 29 pro 2014 21:25

pustila jsem Malwarebytes Anti-Rootkit s vysledkem: No malware found

behem testu se objevila chyba avg "nalezen malsign.generic.da6"viz priloha
dala jsem ho avg odstanit a pry byl uspesne odstranen.

log z Malwarebytes Anti-Rootkit:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4190388224, free: 1758867456

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4190388224, free: 1699942400

Downloaded database version: v2014.12.29.06
Downloaded database version: v2014.12.23.02
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4190388224, free: 1772085248

=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
------------ Kernel report ------------
12/29/2014 20:58:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\??\C:\windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\dnelwf64.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\truecrypt.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ctxva51.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004dba060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004b46050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004dba060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004dbab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004dba060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004b43e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b46050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DA9CE7A5

Partition information:

Partition 0 type is Dynamic (0x42)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 1985

Partition 1 type is Dynamic (0x42)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 614400
Partition file system is NTFS
Partition is bootable

Partition 2 type is Dynamic (0x42)
Partition is NOT ACTIVE.
Partition starts at LBA: 616448 Numsec = 489949184

Partition 3 type is Dynamic (0x42)
Partition is NOT ACTIVE.
Partition starts at LBA: 490565632 Numsec = 486205488

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
File "c:\programdata\avg2015\chjw\3cd41438d413f2be.dat:dda47f37-aed7-4d3d-a3fc-de16068efb4c" is sparse (flags = 32768)
File "c:\programdata\avg2015\chjw\4e9ad15d9ad141df.dat:6296cf6d-4f20-4d31-ad0e-4568690a4b0f" is sparse (flags = 32768)
File "c:\programdata\avg2015\chjw\664c8d304c8cfc55.dat:0c8dcb0e-38f3-4e60-b9f5-8a4a5e99dd06" is sparse (flags = 32768)
Scan finished

#15 Příspěvek od **altrok** » 29 pro 2014 22:18

Dejte jeste log z PCHuntera

VIRY.CZ

nelze spustit aplikace + iexplore.exe - chyba aplikace

nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace

Re: nelze spustit aplikace + iexplore.exe - chyba aplikace