Velké využití procesoru

[doctord]

Zdravím,
dnes nastal na mém PC problém s max. využitím procesoru.



Včera vše OK. Provedl jsem dnes pouze instalaci aktualizací pro W7x64.

Provedl jsem čištění pomocí

Kód: Vybrat vše

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Log z AdwCleaner je zde

Kód: Vybrat vše

# AdwCleaner v4.110 - Logfile created 11/02/2015 at 20:58:47
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v40.0.2214.111


-\\ Opera v27.0.1689.69


*************************

AdwCleaner[R0].txt - [1330 bytes] - [11/02/2015 20:50:40]
AdwCleaner[R1].txt - [1400 bytes] - [11/02/2015 20:54:44]
AdwCleaner[R2].txt - [1459 bytes] - [11/02/2015 20:58:01]
AdwCleaner[S0].txt - [1351 bytes] - [11/02/2015 20:58:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1410  bytes] ##########

Report z RSIT je zde.

Kód: Vybrat vše

Logfile of random's system information tool 1.10 (written by random/random)
Run by David at 2015-02-11 21:04:02
Microsoft Windows 7 Professional  Service Pack 1
System drive C: has 16 GB (14%) free of 114 GB
Total RAM: 8135 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:04:06, on 11.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
C:\Users\David\AppData\Local\Akamai\netsession_win.exe
C:\Users\David\AppData\Roaming\WinUpdate\c\windrv.exe
C:\Users\David\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe
C:\Users\David\AppData\Roaming\WinUpdate\c\winlog.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/support/Download/1/45/6/15/n1YzcJITwZrK4LaT/30/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [FireStormStartUpAutoRun] C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\David\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Windows Drivers] "C:\Users\David\AppData\Roaming\WinUpdate\c\windrv.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe
O23 - Service: AsusGameFirstService - ASUSTeK - C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WUAUCLT - Unknown owner - C:\Users\David\AppData\Roaming\nssm.exe

--
End of file - 10308 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe"
"taskhost.exe"
taskeng.exe {80AE2195-D00D-4C3C-BA68-B63FD745324E}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {B2A7667A-4DC8-4F22-94F3-5502C9E7ABFF}
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe" /s
"C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe" 
"C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe" 
"C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe" 
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe"
"C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe"
"C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe"
"C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe"
"C:\Users\David\AppData\Local\Akamai\netsession_win.exe" 
"C:\Users\David\AppData\Roaming\WinUpdate\c\windrv.exe" 
"C:/Users/David/AppData/Local/Akamai/netsession_win.exe" --client
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" 
"C:\Windows\System32\Ctxfihlp.exe" 
"C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe" 
"C:\Users\David\AppData\Roaming\WinUpdate\c\winlog.exe"  -a scrypt -t 2 -o stratum+tcp://pool.litecoinrain.org:3333 -O woody:x
\??\C:\Windows\system32\conhost.exe "-477625892894664081-1182654121-1032792549-698291695205844308613335809562045775932
"C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe" ﾋ譕菬ᓬ譓ౝ譖ࡳ㔳ቀ皹譗옆ｅ윀
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
C:\Users\David\AppData\Roaming\nssm.exe
\??\C:\Windows\system32\conhost.exe "6154311914015363311229774078-11522456891630000926-993398926-11567599281577917095
"C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe" -Embedding
"C:\Users\David\AppData\Roaming\SMSvcHost.exe" -a X11 -o stratum+tcp://x11.ltcrabbit.com:3332 -u Jimbo.worker -p 0 -t 2
"C:\Windows\SysWOW64\CTXFISPI.EXE" -Embedding
"C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe" 
"C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe" 
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-81da50f1-c35d-42ab-a63b-0486939df59f -SystemEventPortName:HostProcess-a19be623-3a10-4f00-ab0a-38c003006130 -IoCancelEventPortName:HostProcess-34d957d8-fde2-4375-845c-feb7fefca807 -NonStateChangingEventPortName:HostProcess-902bbe12-672c-46c0-8ef4-8f1ee979f780 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a8fae1df-9f83-49eb-865c-e5bcf12ed80f -DeviceGroupId:
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe" 
"C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe" /i
"C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe" /i
"C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe" -s
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4764.0.1054354285\397005298" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,39,47 --gpu-vendor-id=0x10de --gpu-device-id=0x13c2 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4475 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/Off/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4764.2.114391023\504863974" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/Off/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4764.4.369435121\440399275" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/Off/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4764.5.1025726658\1855210826" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/Off/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4764.8.1173892501\2132607397" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/Off/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4764.9.1121170800\146102968" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group12 pct:1c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/ControlForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_22/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/Off/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="4764.11.851764825\591954323" /prefetch:673131151
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540 
wmiadap.exe /F /T /R
"C:\Users\David\Desktop\RSITx64.exe" 
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23 551848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23 212904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-08-22 1331288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=C:\Users\David\AppData\Local\Akamai\netsession_win.exe [2014-10-29 4673432]
"Windows Drivers"=C:\Users\David\AppData\Roaming\WinUpdate\c\windrv.exe [2014-04-29 6144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-11-29 293872]
"CTxfiHlp"=CTXFIHLP.EXE []
"FireStormStartUpAutoRun"=C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe [2014-11-04 24276992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.RTV1"=rtvcvfw64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-02-11 21:04:02 ----D---- C:\rsit
2015-02-11 21:04:02 ----D---- C:\Program Files\trend micro
2015-02-11 20:50:35 ----D---- C:\AdwCleaner
2015-02-11 20:45:27 ----D---- C:\FRST
2015-02-10 17:38:39 ----D---- C:\Program Files (x86)\Wolfenstein The New Order
2015-02-10 17:38:32 ----D---- C:\Users\David\AppData\Roaming\WinUpdate
2015-01-18 19:35:26 ----D---- C:\Program Files (x86)\FastShare
2015-01-15 07:44:17 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-15 07:44:17 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-15 07:44:17 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-15 07:44:17 ----A---- C:\Windows\system32\profsvc.dll
2015-01-15 07:44:17 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-15 07:44:17 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-15 07:44:16 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-01-15 07:44:16 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-01-15 07:44:16 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-01-15 07:44:16 ----A---- C:\Windows\system32\srcore.dll
2015-01-15 07:44:16 ----A---- C:\Windows\system32\srclient.dll
2015-01-15 07:44:16 ----A---- C:\Windows\system32\rstrui.exe
2015-01-15 07:44:16 ----A---- C:\Windows\system32\ntoskrnl.exe

======List of files/folders modified in the last 1 month======

2015-02-11 21:04:02 ----RD---- C:\Program Files
2015-02-11 21:03:49 ----D---- C:\Windows\Temp
2015-02-11 21:00:00 ----A---- C:\Windows\PE_Rom.dll
2015-02-11 20:59:55 ----D---- C:\Windows\system32\drivers
2015-02-11 20:59:08 ----D---- C:\Windows\system32\config
2015-02-11 20:59:08 ----D---- C:\Windows\system32\catroot
2015-02-11 20:58:47 ----D---- C:\Windows
2015-02-11 20:57:26 ----SHD---- C:\System Volume Information
2015-02-11 20:47:13 ----D---- C:\Windows\System32
2015-02-11 20:47:13 ----D---- C:\Windows\inf
2015-02-11 20:47:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-11 20:46:57 ----D---- C:\Windows\system32\Tasks
2015-02-11 20:46:57 ----D---- C:\Program Files (x86)\Opera
2015-02-11 20:46:33 ----D---- C:\Windows\system32\catroot2
2015-02-11 20:46:32 ----D---- C:\Windows\winsxs
2015-02-11 20:41:40 ----D---- C:\Windows\Tasks
2015-02-11 20:41:40 ----D---- C:\Windows\SysWOW64
2015-02-11 20:41:40 ----D---- C:\Windows\system32\wfp
2015-02-11 20:41:40 ----D---- C:\Windows\system32\cs-CZ
2015-02-11 20:41:40 ----D---- C:\Program Files\Microsoft Security Client
2015-02-11 20:41:40 ----D---- C:\Program Files\Internet Explorer
2015-02-11 20:41:39 ----D---- C:\Windows\system32\wbem
2015-02-11 20:41:05 ----SD---- C:\Windows\system32\CompatTel
2015-02-11 20:41:05 ----D---- C:\Windows\SYSWOW64\en-US
2015-02-11 20:41:05 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-02-11 20:41:05 ----D---- C:\Windows\system32\en-US
2015-02-11 20:41:05 ----D---- C:\Windows\system32\DriverStore
2015-02-11 20:41:05 ----D---- C:\Windows\system32\appraiser
2015-02-11 20:41:05 ----D---- C:\Windows\PolicyDefinitions
2015-02-11 20:41:05 ----D---- C:\Program Files (x86)\Internet Explorer
2015-02-11 20:41:03 ----D---- C:\Windows\system32\CodeIntegrity
2015-02-11 20:41:02 ----SHD---- C:\Windows\Installer
2015-02-11 20:41:02 ----D---- C:\Windows\security
2015-02-11 20:41:02 ----D---- C:\ProgramData\Package Cache
2015-02-11 20:41:01 ----RD---- C:\Program Files (x86)
2015-02-11 20:41:01 ----D---- C:\Program Files\NVIDIA Corporation
2015-02-11 20:41:01 ----D---- C:\Program Files\Futuremark
2015-02-11 20:41:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-02-11 20:41:01 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-02-11 20:41:01 ----D---- C:\Program Files (x86)\Microsoft Security Client
2015-02-11 20:41:01 ----D---- C:\Program Files (x86)\Geeks3D
2015-02-11 20:40:57 ----D---- C:\Windows\registration
2015-02-11 20:40:46 ----D---- C:\Program Files (x86)\MSI Afterburner
2015-02-11 20:17:44 ----D---- C:\Windows\tracing
2015-02-11 20:15:36 ----D---- C:\Windows\system32\MRT
2015-02-08 18:13:47 ----RSD---- C:\Windows\assembly
2015-02-04 20:58:19 ----D---- C:\Program Files (x86)\TeamViewer
2015-02-04 20:58:18 ----RSD---- C:\Windows\Fonts
2015-01-31 20:22:18 ----D---- C:\Program Files (x86)\RivaTuner Statistics Server
2015-01-28 19:48:37 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-25 10:57:26 ----D---- C:\Users\David\AppData\Roaming\Vso
2015-01-23 20:31:24 ----D---- C:\ProgramData\Oracle
2015-01-23 20:30:41 ----D---- C:\Program Files (x86)\Common Files
2015-01-23 20:30:31 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-23 20:30:29 ----D---- C:\Program Files\Java
2015-01-22 07:26:36 ----D---- C:\Windows\system32\FxsTmp
2015-01-20 20:03:15 ----D---- C:\Program Files (x86)\Steam
2015-01-16 18:27:12 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-05-28 672104]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-05-28 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-11-29 20464]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-07-17 269008]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2014-01-28 15232]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2014-11-29 14464]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-29 283064]
R1 NFC_Driver;NFC_Driver; C:\Windows\system32\drivers\NFC_Driver.sys [2014-03-27 48336]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 125584]
R3 AiCharger;AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [2012-03-22 14848]
R3 ASUSFILTER;ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [2014-11-29 46152]
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [2014-02-28 232728]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2014-02-28 703384]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [2014-02-28 1448216]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [2014-02-28 97560]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2014-02-28 18200]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2014-02-28 215320]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D; C:\Windows\system32\DRIVERS\e1d62x64.sys [2014-03-14 487704]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2014-02-28 120600]
R3 ha20x22k;Creative 20X2 HAL Driver; C:\Windows\system32\drivers\ha20x22k.sys [2014-02-28 1617176]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-11-29 383984]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-11-29 795120]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-04-03 118272]
R3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw64e.sys [2014-02-26 34568]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2014-02-28 181528]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-03-11 13368]
R4 IOMap;IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [2014-11-29 24824]
S1 VDiskBus;ASUS Disk Unlocker; C:\Windows\system32\DRIVERS\VDiskBus64.sys []
S3 ASFLTDrv.sys;ASFLTDrv.sys; \??\C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys []
S3 cpuz134;cpuz134; \??\C:\Users\David\AppData\Local\Temp\cpuz134\cpuz134_x64.sys []
S3 cpuz136;cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys []
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [2014-02-28 232728]
S3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2014-02-28 582936]
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [2014-02-28 1448216]
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [2014-02-28 97560]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 GPUZ;GPUZ; \??\C:\Windows\TEMP\GPUZ.sys []
S3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2014-02-28 1572632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 mirror;mirror; C:\Windows\system32\DRIVERS\mirror.sys [2013-06-03 14648]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [2014-01-28 936728]
R2 asHmComSvc;ASUS HM Com Service; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [2014-11-29 954648]
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [2014-11-28 1360016]
R2 AsusFanControlService;AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe [2014-11-29 394040]
R2 AsusGameFirstService;AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [2014-10-27 347960]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2010-02-12 286720]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2014-03-11 260360]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-04-03 154584]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2014-04-03 398296]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-08-22 23784]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-11-12 934032]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-01-30 5429520]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-01-02 171632]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-08-22 368624]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 107912]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2014-11-28 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-11-28 79360]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2014-11-25 614624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-01-31 887232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-09-16 569024]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-29 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Děkuji moc za rady!

[altrok]

Zdravim

Necekane je soucasti warezu (Wolfenstein) i BitCoin miner... tezko rict, jestli bude prinosem Vam v teto situaci pomahat...

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[doctord]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by David (administrator) on DAVID-PC on 11-02-2015 22:09:03
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Microsoft) C:\Users\David\AppData\Roaming\WinUpdate\c\windrv.exe
(Akamai Technologies, Inc.) C:\Users\David\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(PC Partner Co.Ltd) C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe
() C:\Users\David\AppData\Roaming\WinUpdate\c\winlog.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\David\AppData\Roaming\nssm.exe
() C:\Users\David\AppData\Roaming\SMSvcHost.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(JetAudio, Inc.) C:\Program Files (x86)\JetAudio\JetAudio.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
() C:\Program Files (x86)\Opera\27.0.1689.69_0\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\27.0.1689.69_0\opera.exe
(forum.viry.cz) C:\Users\David\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-11-29] (Intel Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [FireStormStartUpAutoRun] => C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe [24276992 2014-11-04] (PC Partner Co.Ltd)
HKU\S-1-5-21-706506168-2176113910-744449165-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-706506168-2176113910-744449165-1000\...\Run: [Windows Drivers] => C:\Users\David\AppData\Roaming\WinUpdate\c\windrv.exe [6144 2014-04-29] (Microsoft)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-706506168-2176113910-744449165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/support/Download/1/ ... rK4LaT/30/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
CHR Extension: (HD for YouTube™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-11-30]
CHR Extension: (Dokumenty Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-30]
CHR Extension: (Disk Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-30]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-30]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-11]
CHR Extension: (Vyhledávání Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-30]
CHR Extension: (Tabulky Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-30]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-30]
CHR Extension: (Peněženka Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-30]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

Opera:
=======
OPR Extension: (Adguard AdBlocker) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2014-11-30]
OPR Extension: (Adblock Plus) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-11-29] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-11-28] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe [394040 2014-11-29] (ASUSTeK Computer Inc.)
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [347960 2014-10-27] (ASUSTeK)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-11-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-11-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WUAUCLT; C:\Users\David\AppData\Roaming\nssm.exe [294912 2014-06-29] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-11-29] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2014-11-29] (MCCI Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-29] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-11-29] (ASUSTeK Computer Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 mirror; C:\Windows\System32\DRIVERS\mirror.sys [14648 2013-06-03] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [48336 2014-03-27] (Titan ARC Corp.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 ASFLTDrv.sys; \??\C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [X]
S3 cpuz134; \??\C:\Users\David\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S1 VDiskBus; system32\DRIVERS\VDiskBus64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 22:09 - 2015-02-11 22:09 - 00016888 _____ () C:\Users\David\Desktop\FRST.txt
2015-02-11 22:01 - 2015-02-11 22:01 - 02134016 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-02-11 22:01 - 2015-02-11 22:01 - 00112640 _____ (forum.viry.cz) C:\Users\David\Desktop\FRSTLauncher.exe
2015-02-11 21:20 - 2015-02-11 21:20 - 00000000 ____D () C:\Windows\LastGood
2015-02-11 21:04 - 2015-02-11 21:04 - 00000000 ____D () C:\rsit
2015-02-11 21:04 - 2015-02-11 21:04 - 00000000 ____D () C:\Program Files\trend micro
2015-02-11 21:03 - 2015-02-11 21:03 - 01222144 _____ () C:\Users\David\Desktop\RSITx64.exe
2015-02-11 20:54 - 2015-02-11 20:54 - 00522240 _____ (OldTimer Tools) C:\Users\David\Desktop\OTM.exe
2015-02-11 20:50 - 2015-02-11 21:09 - 00000000 ____D () C:\AdwCleaner
2015-02-11 20:50 - 2015-02-11 20:50 - 02112512 _____ () C:\Users\David\Desktop\adwcleaner_4.110.exe
2015-02-11 20:45 - 2015-02-11 22:09 - 00000000 ____D () C:\FRST
2015-02-11 20:28 - 2015-02-11 20:28 - 00007615 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-02-10 17:47 - 2015-02-10 17:47 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The New Order.lnk
2015-02-10 17:47 - 2015-02-10 17:47 - 00000948 _____ () C:\Users\Public\Desktop\Wolfenstein The New Order.lnk
2015-02-10 17:38 - 2015-02-10 17:51 - 00000000 ____D () C:\Program Files (x86)\Wolfenstein The New Order
2015-02-10 17:38 - 2015-02-10 17:38 - 00000000 ____D () C:\Users\David\AppData\Roaming\WinUpdate
2015-02-08 18:16 - 2015-02-08 18:16 - 00000000 ____D () C:\Users\David\Documents\NeocoreGames
2015-02-08 10:53 - 2015-02-08 10:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-02-04 20:58 - 2015-02-04 20:58 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-18 19:35 - 2015-02-01 21:59 - 00000000 ____D () C:\Program Files (x86)\FastShare
2015-01-18 19:35 - 2015-01-18 19:35 - 00001107 _____ () C:\Users\Public\Desktop\FastShare.lnk
2015-01-18 19:35 - 2015-01-18 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastShare
2015-01-15 07:44 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 07:44 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 07:44 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 07:44 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 07:44 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 07:44 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 07:44 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 07:44 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 07:44 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 07:44 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 07:44 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 07:44 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 07:44 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 21:58 - 2014-11-28 22:54 - 02027364 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 21:47 - 2014-11-30 09:36 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 21:22 - 2014-11-28 23:10 - 01562762 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-11 21:22 - 2009-07-14 16:18 - 00669920 _____ () C:\Windows\system32\perfh005.dat
2015-02-11 21:22 - 2009-07-14 16:18 - 00142078 _____ () C:\Windows\system32\perfc005.dat
2015-02-11 21:21 - 2009-07-14 06:13 - 01562762 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-11 21:20 - 2014-11-29 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:20 - 2009-07-14 05:51 - 00058655 _____ () C:\Windows\setupact.log
2015-02-11 21:19 - 2014-11-29 18:01 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 21:19 - 2014-11-29 18:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 21:19 - 2014-11-29 18:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 21:19 - 2014-11-29 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 21:19 - 2014-11-28 23:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:17 - 2009-07-14 05:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 21:17 - 2009-07-14 05:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 21:16 - 2014-11-28 23:32 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 21:15 - 2014-11-29 18:29 - 00000000 _____ () C:\Windows\Path.idx
2015-02-11 21:12 - 2014-11-29 20:02 - 00011752 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-11 21:10 - 2014-11-30 09:36 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 21:10 - 2014-11-29 18:23 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-02-11 21:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 20:46 - 2014-11-29 18:19 - 00003830 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417281542
2015-02-11 20:46 - 2014-11-29 18:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-11 20:41 - 2014-12-12 22:10 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:41 - 2014-12-10 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-02-11 20:41 - 2014-12-10 17:41 - 00000000 ____D () C:\Program Files\Futuremark
2015-02-11 20:41 - 2014-12-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2015-02-11 20:41 - 2014-12-09 19:41 - 00000000 ____D () C:\Program Files (x86)\Geeks3D
2015-02-11 20:41 - 2014-11-29 18:25 - 00000000 ____D () C:\Users\David\AppData\Local\Akamai
2015-02-11 20:41 - 2014-11-28 23:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 20:41 - 2014-11-28 23:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-11 20:41 - 2014-11-28 23:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-11 20:41 - 2014-11-28 23:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 20:41 - 2014-11-28 22:55 - 00000000 ____D () C:\Users\David
2015-02-11 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-02-11 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 20:40 - 2014-12-22 19:10 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-02-11 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-11 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 18:57 - 2014-11-30 19:32 - 00001120 _____ () C:\Users\David\AppData\Local\MRDownloader.nast
2015-02-11 18:04 - 2014-12-09 07:21 - 00003583 _____ () C:\Users\David\AppData\Local\MRDownloader.err
2015-02-10 19:13 - 2014-12-14 21:23 - 00002142 _____ () C:\Windows\MB.idx
2015-02-10 01:03 - 2014-12-23 09:58 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-02-08 18:13 - 2014-11-29 19:41 - 00080383 _____ () C:\Windows\DirectX.log
2015-02-05 07:08 - 2014-11-28 23:17 - 00084992 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-05 07:08 - 2009-07-14 05:45 - 00346888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-04 20:58 - 2014-12-10 17:59 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-04 07:42 - 2014-11-30 09:36 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 07:42 - 2014-11-30 09:36 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 20:27 - 2014-11-29 19:44 - 00000000 ____D () C:\Users\David\AppData\Local\JDownloader v2.0
2015-01-31 20:22 - 2014-12-02 20:05 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-01-28 19:49 - 2014-12-20 16:46 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2015-01-28 19:48 - 2014-11-28 23:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 19:48 - 2014-11-28 23:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 10:57 - 2014-12-03 18:33 - 00001057 _____ () C:\Users\David\AppData\Roaming\vso_ts_preview.xml
2015-01-25 10:57 - 2014-12-03 18:33 - 00000000 ____D () C:\Users\David\AppData\Roaming\Vso
2015-01-24 22:44 - 2014-11-29 07:31 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2015-01-24 22:44 - 2014-11-29 07:31 - 00001080 _____ () C:\Windows\system32\settings.sfm
2015-01-23 20:31 - 2014-11-29 06:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 20:30 - 2014-11-29 06:58 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-23 20:30 - 2014-11-29 06:58 - 00000000 ____D () C:\Program Files\Java
2015-01-22 07:26 - 2014-12-06 13:32 - 00002252 ____H () C:\Users\David\Documents\Default.rdp
2015-01-22 07:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-20 20:03 - 2014-12-01 09:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-19 07:36 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 19:24 - 2015-01-09 20:24 - 00000000 ____D () C:\Users\David\Documents\Bound by Flame

==================== Files in the root of some directories =======

2014-11-30 09:30 - 2014-05-24 20:09 - 0603763 ___SH () C:\Users\David\AppData\Roaming\libcurl-4.dll
2014-06-29 12:35 - 2014-06-29 12:35 - 0294912 ___SH () C:\Users\David\AppData\Roaming\nssm.exe
2014-11-30 09:30 - 2014-05-24 20:09 - 0042496 ___SH (Open Source Software community project) C:\Users\David\AppData\Roaming\pthreadGC2-w64.dll
2014-11-30 09:30 - 2014-05-24 20:09 - 0244224 ___SH () C:\Users\David\AppData\Roaming\SMSvcHost.exe
2014-12-03 18:33 - 2015-01-25 10:57 - 0001057 _____ () C:\Users\David\AppData\Roaming\vso_ts_preview.xml
2014-12-10 19:26 - 2015-01-04 11:54 - 2128896 _____ () C:\Users\David\AppData\Local\file__0.localstorage
2014-12-09 07:21 - 2015-02-11 18:04 - 0003583 _____ () C:\Users\David\AppData\Local\MRDownloader.err
2014-11-30 19:32 - 2015-02-11 18:57 - 0001120 _____ () C:\Users\David\AppData\Local\MRDownloader.nast
2015-02-11 20:28 - 2015-02-11 20:28 - 0007615 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\130617595786640696.exe
C:\Users\David\AppData\Local\Temp\13061759585073094597.exe
C:\Users\David\AppData\Local\Temp\ICReinstall_13061759585073094597.exe
C:\Users\David\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\David\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\David\AppData\Local\Temp\nvStInst.exe
C:\Users\David\AppData\Local\Temp\ose00000.exe
C:\Users\David\AppData\Local\Temp\ose00001.exe
C:\Users\David\AppData\Local\Temp\proxy_vole2511916500357065689.dll
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\ReimagePackage.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 14:53




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:111.69 GB) (Free:14.99 GB) NTFS
Drive d: (F&G&Srl&T) (Fixed) (Total:1862.89 GB) (Free:137 GB) NTFS

Available physical RAM: 4946.01 MB
Total physical RAM: 8134.89 MB
Percentage of memory in use: 39%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C7A465DC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\David\Desktop" je 37 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Addition.rar

(7.77 KiB) Staženo 62 x

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKU\S-1-5-21-706506168-2176113910-744449165-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
  HKU\S-1-5-21-706506168-2176113910-744449165-1000\...\Run: [Windows Drivers] => C:\Users\David\AppData\Roaming\WinUpdate\c\windrv.exe [6144 2014-04-29] (Microsoft)
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  FF Plugin: @microsoft.com/GENUINE -> disabled No File
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
  R2 WUAUCLT; C:\Users\David\AppData\Roaming\nssm.exe [294912 2014-06-29] () [File not signed]
  S3 cpuz134; \??\C:\Users\David\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
  S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
  S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
  2015-02-11 22:01 - 2015-02-11 22:01 - 00112640 _____ (forum.viry.cz) C:\Users\David\Desktop\FRSTLauncher.exe
  2015-02-11 21:04 - 2015-02-11 21:04 - 00000000 ____D () C:\rsit
  2015-02-11 21:04 - 2015-02-11 21:04 - 00000000 ____D () C:\Program Files\trend micro
  2015-02-11 21:03 - 2015-02-11 21:03 - 01222144 _____ () C:\Users\David\Desktop\RSITx64.exe
  2015-02-11 20:54 - 2015-02-11 20:54 - 00522240 _____ (OldTimer Tools) C:\Users\David\Desktop\OTM.exe
  2015-02-11 20:50 - 2015-02-11 21:09 - 00000000 ____D () C:\AdwCleaner
  2015-02-11 20:50 - 2015-02-11 20:50 - 02112512 _____ () C:\Users\David\Desktop\adwcleaner_4.110.exe
  2015-02-10 17:38 - 2015-02-10 17:38 - 00000000 ____D () C:\Users\David\AppData\Roaming\WinUpdate
  2015-02-11 20:41 - 2014-11-29 18:25 - 00000000 ____D () C:\Users\David\AppData\Local\Akamai
  2014-06-29 12:35 - 2014-06-29 12:35 - 0294912 ___SH () C:\Users\David\AppData\Roaming\nssm.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  2014-11-30 09:30 - 2014-05-24 20:09 - 00244224 ___SH () C:\Users\David\AppData\Roaming\SMSvcHost.exe
  2014-11-30 09:30 - 2014-05-24 20:09 - 00603763 ___SH () C:\Users\David\AppData\Roaming\libcurl-4.dll
  Hosts:
  EmptyTemp:
  End
  

[doctord]

Přikládám

Po restartu mi vyskočila tato okna





Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by David at 2015-02-12 07:10:29 Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-21-706506168-2176113910-744449165-1000\...\Run: [Akamai NetSession Interface] => C:\Users\David\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-706506168-2176113910-744449165-1000\...\Run: [Windows Drivers] => C:\Users\David\AppData\Roaming\WinUpdate\c\windrv.exe [6144 2014-04-29] (Microsoft)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
R2 WUAUCLT; C:\Users\David\AppData\Roaming\nssm.exe [294912 2014-06-29] () [File not signed]
S3 cpuz134; \??\C:\Users\David\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
2015-02-11 22:01 - 2015-02-11 22:01 - 00112640 _____ (forum.viry.cz) C:\Users\David\Desktop\FRSTLauncher.exe
2015-02-11 21:04 - 2015-02-11 21:04 - 00000000 ____D () C:\rsit
2015-02-11 21:04 - 2015-02-11 21:04 - 00000000 ____D () C:\Program Files\trend micro
2015-02-11 21:03 - 2015-02-11 21:03 - 01222144 _____ () C:\Users\David\Desktop\RSITx64.exe
2015-02-11 20:54 - 2015-02-11 20:54 - 00522240 _____ (OldTimer Tools) C:\Users\David\Desktop\OTM.exe
2015-02-11 20:50 - 2015-02-11 21:09 - 00000000 ____D () C:\AdwCleaner
2015-02-11 20:50 - 2015-02-11 20:50 - 02112512 _____ () C:\Users\David\Desktop\adwcleaner_4.110.exe
2015-02-10 17:38 - 2015-02-10 17:38 - 00000000 ____D () C:\Users\David\AppData\Roaming\WinUpdate
2015-02-11 20:41 - 2014-11-29 18:25 - 00000000 ____D () C:\Users\David\AppData\Local\Akamai
2014-06-29 12:35 - 2014-06-29 12:35 - 0294912 ___SH () C:\Users\David\AppData\Roaming\nssm.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-11-30 09:30 - 2014-05-24 20:09 - 00244224 ___SH () C:\Users\David\AppData\Roaming\SMSvcHost.exe
2014-11-30 09:30 - 2014-05-24 20:09 - 00603763 ___SH () C:\Users\David\AppData\Roaming\libcurl-4.dll
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-706506168-2176113910-744449165-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value deleted successfully.
HKU\S-1-5-21-706506168-2176113910-744449165-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Drivers => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
WUAUCLT => Service deleted successfully.
cpuz134 => Service deleted successfully.
cpuz136 => Service deleted successfully.
GPUZ => Service deleted successfully.
C:\Users\David\Desktop\FRSTLauncher.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\David\Desktop\RSITx64.exe => Moved successfully.
C:\Users\David\Desktop\OTM.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\David\Desktop\adwcleaner_4.110.exe => Moved successfully.
C:\Users\David\AppData\Roaming\WinUpdate => Moved successfully.
C:\Users\David\AppData\Local\Akamai => Moved successfully.
C:\Users\David\AppData\Roaming\nssm.exe => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Users\David\AppData\Roaming\SMSvcHost.exe => Moved successfully.
C:\Users\David\AppData\Roaming\libcurl-4.dll => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 07:10:38 ====

[altrok]

Hlasky vyskakuji i po dalsich restartech?

Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=137928

• Upozorneni: tento sken zabere od 30 minut po nekolik hodin

[doctord]

Hlášky vyskočí vždy po restartu.

Scan jsem nechal provést (log přikládám)

Kód: Vybrat vše

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.2.2015
Čas skenování: 18:30:40
Protokol: log.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.02.12.04
Databáze rootkitů: v2015.02.03.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: David

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 540648
Uplynulý čas: 43 min, 33 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 0
(Žádné zákerné zjištěny položek)

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 5
PUP.Optional.OpenCandy, D:\Tools\_-_First_-_\DTLite4491-0356.exe, Žádná akce od uživatele, [a8ecfe1f0585d56134fd32b18c79ea16], 
Trojan.Miner, C:\FRST\Quarantine\C\Users\David\AppData\Roaming\WinUpdate\c\libcurl-4.dll, Do karantény, [b6de30edc7c37fb7dae071620bf7b848], 
PUP.BitCoinMiner, C:\FRST\Quarantine\C\Users\David\AppData\Roaming\WinUpdate\c\winlog.exe, Do karantény, [494b57c6fc8e270f946543f1a95840c0], 
PUP.BitCoinMiner, C:\FRST\Quarantine\C\Users\David\AppData\Roaming\WinUpdate\g\winlog.exe, Do karantény, [662ee23b167449eda8ec0f53c43de21e], 
PUP.Optional.OpenCandy, D:\Tools\_-_Programs_-_\DTLite4413-0173.exe, Do karantény, [8410110cf298c86ee051766d3dc81ae6], 

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

[altrok]

Toto jsou neskodne nalezy - netreba zadne akce.

Dejte nove logy FRST.txt a prilozte i Addition.txt - pri druhem a dalsim spusteni je nutne explicitne zatrhnout moznost Addition, aby se Addition.txt vytvoril http://forum.viry.cz/viewtopic.php?f=30&t=133101

[doctord]

Dávám log i soubor

Addition.rar

(7.38 KiB) Staženo 60 x

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by David (administrator) on DAVID-PC on 12-02-2015 19:46:07
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(PC Partner Co.Ltd) C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-11-29] (Intel Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [FireStormStartUpAutoRun] => C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe [24276992 2014-11-04] (PC Partner Co.Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-28] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-706506168-2176113910-744449165-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/support/Download/1/ ... rK4LaT/30/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-30]
CHR Extension: (HD for YouTube™) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-11-30]
CHR Extension: (Dokumenty Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-30]
CHR Extension: (Disk Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-30]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-30]
CHR Extension: (Adblock Plus) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-11]
CHR Extension: (Vyhledávání Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-30]
CHR Extension: (Tabulky Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-30]
CHR Extension: (AdBlock) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-30]
CHR Extension: (Peněženka Google) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-30]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

Opera:
=======
OPR Extension: (Adguard AdBlocker) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2014-11-30]
OPR Extension: (Adblock Plus) - C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-11-29] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-11-28] ()
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe [394040 2014-11-29] (ASUSTeK Computer Inc.)
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [347960 2014-10-27] (ASUSTeK)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-11-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-11-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-11-29] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2014-11-29] (MCCI Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-29] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-14] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-11-29] (ASUSTeK Computer Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 mirror; C:\Windows\System32\DRIVERS\mirror.sys [14648 2013-06-03] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [48336 2014-03-27] (Titan ARC Corp.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 ASFLTDrv.sys; \??\C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S1 VDiskBus; system32\DRIVERS\VDiskBus64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 19:46 - 2015-02-12 19:46 - 00013860 _____ () C:\Users\David\Desktop\FRST.txt
2015-02-12 18:29 - 2015-02-12 18:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 18:29 - 2015-02-12 18:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 18:29 - 2015-02-12 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-12 18:29 - 2015-02-12 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 18:29 - 2015-02-12 18:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 18:29 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 18:29 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-12 18:29 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-12 18:28 - 2015-02-12 18:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\David\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-12 07:38 - 2015-02-12 07:38 - 00000912 _____ () C:\Users\David\Desktop\Harry potter – zástupce.lnk
2015-02-12 07:10 - 2015-02-12 07:10 - 00029696 _____ () C:\Users\David\AppData\Local\MSGBOX.EXE
2015-02-12 07:10 - 2015-02-12 07:10 - 00015327 _____ () C:\Users\David\Desktop\LM.bat
2015-02-11 22:19 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 22:19 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 22:19 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 22:19 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 22:16 - 2014-11-29 18:09 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2015-02-11 22:11 - 2015-02-11 22:11 - 00007956 _____ () C:\Users\David\Desktop\Addition.rar
2015-02-11 22:01 - 2015-02-11 22:01 - 02134016 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-02-11 20:58 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 20:58 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 20:58 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 20:58 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 20:58 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 20:58 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 20:58 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 20:58 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 20:58 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 20:58 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 20:58 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 20:58 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 20:58 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 20:58 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 20:58 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 20:58 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 20:58 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 20:58 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 20:58 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 20:58 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 20:58 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 20:58 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 20:58 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 20:58 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 20:58 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 20:58 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 20:58 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 20:58 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 20:58 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 20:58 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 20:58 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 20:58 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 20:58 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 20:58 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 20:58 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 20:58 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 20:58 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 20:58 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 20:58 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 20:58 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 20:58 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 20:58 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 20:58 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 20:58 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 20:58 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 20:58 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 20:58 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 20:58 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 20:58 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 20:58 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 20:58 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 20:58 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 20:58 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-11 20:58 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-11 20:58 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-11 20:58 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-11 20:52 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 20:52 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 20:52 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 20:52 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 20:52 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 20:52 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 20:52 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 20:52 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 20:51 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 20:51 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 20:51 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 20:51 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 20:51 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 20:51 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 20:51 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 20:51 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 20:51 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 20:51 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 20:51 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 20:51 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 20:51 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 20:51 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 20:46 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 20:46 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 20:46 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 20:46 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 20:46 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 20:46 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 20:46 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 20:46 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 20:46 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 20:46 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 20:46 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 20:46 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 20:46 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 20:46 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 20:46 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 20:46 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 20:46 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 20:46 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 20:46 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 20:46 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 20:46 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 20:46 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 20:46 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 20:46 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 20:46 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 20:46 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 20:46 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 20:46 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 20:46 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 20:46 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 20:46 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 20:46 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 20:46 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 20:46 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 20:46 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 20:46 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 20:46 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 20:45 - 2015-02-12 19:46 - 00000000 ____D () C:\FRST
2015-02-11 20:45 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 20:28 - 2015-02-11 20:28 - 00007615 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg
2015-02-10 17:47 - 2015-02-10 17:47 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The New Order.lnk
2015-02-10 17:47 - 2015-02-10 17:47 - 00000948 _____ () C:\Users\Public\Desktop\Wolfenstein The New Order.lnk
2015-02-10 17:38 - 2015-02-10 17:51 - 00000000 ____D () C:\Program Files (x86)\Wolfenstein The New Order
2015-02-08 18:16 - 2015-02-08 18:16 - 00000000 ____D () C:\Users\David\Documents\NeocoreGames
2015-02-08 10:53 - 2015-02-08 10:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-02-04 20:58 - 2015-02-12 15:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-18 19:35 - 2015-02-01 21:59 - 00000000 ____D () C:\Program Files (x86)\FastShare
2015-01-18 19:35 - 2015-01-18 19:35 - 00001107 _____ () C:\Users\Public\Desktop\FastShare.lnk
2015-01-18 19:35 - 2015-01-18 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastShare
2015-01-15 07:44 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 07:44 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 07:44 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 07:44 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 07:44 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 07:44 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 19:32 - 2009-07-14 05:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 19:32 - 2009-07-14 05:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 19:30 - 2014-11-29 18:29 - 00000000 _____ () C:\Windows\Path.idx
2015-02-12 19:30 - 2009-07-14 16:18 - 00669920 _____ () C:\Windows\system32\perfh005.dat
2015-02-12 19:30 - 2009-07-14 16:18 - 00142078 _____ () C:\Windows\system32\perfc005.dat
2015-02-12 19:30 - 2009-07-14 06:13 - 01588048 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 19:28 - 2014-11-28 22:54 - 01100293 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 19:27 - 2014-11-29 20:02 - 00006462 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-12 19:25 - 2014-11-29 18:23 - 01048576 _____ () C:\Windows\PE_Rom.dll
2015-02-12 19:25 - 2014-11-28 23:29 - 00058196 _____ () C:\Windows\PFRO.log
2015-02-12 19:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 19:25 - 2009-07-14 05:51 - 00058935 _____ () C:\Windows\setupact.log
2015-02-12 19:24 - 2014-12-23 09:58 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-02-12 15:02 - 2014-12-10 17:59 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-12 06:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 22:20 - 2014-11-28 23:10 - 01562762 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-11 22:15 - 2014-12-12 22:10 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 22:15 - 2014-11-28 23:41 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 22:15 - 2009-07-14 05:45 - 00346888 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 22:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 21:20 - 2014-11-29 17:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 21:19 - 2014-11-29 18:01 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 21:19 - 2014-11-29 18:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 21:19 - 2014-11-29 18:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 21:19 - 2014-11-29 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 21:19 - 2014-11-28 23:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 21:16 - 2014-11-28 23:32 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 20:46 - 2014-11-29 18:19 - 00003830 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1417281542
2015-02-11 20:46 - 2014-11-29 18:18 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-02-11 20:41 - 2014-12-10 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2015-02-11 20:41 - 2014-12-10 17:41 - 00000000 ____D () C:\Program Files\Futuremark
2015-02-11 20:41 - 2014-12-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2015-02-11 20:41 - 2014-12-09 19:41 - 00000000 ____D () C:\Program Files (x86)\Geeks3D
2015-02-11 20:41 - 2014-11-28 23:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-11 20:41 - 2014-11-28 23:07 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-11 20:41 - 2014-11-28 23:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 20:41 - 2014-11-28 22:55 - 00000000 ____D () C:\Users\David
2015-02-11 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2015-02-11 20:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 20:40 - 2014-12-22 19:10 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-02-11 20:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-11 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-11 18:57 - 2014-11-30 19:32 - 00001120 _____ () C:\Users\David\AppData\Local\MRDownloader.nast
2015-02-11 18:04 - 2014-12-09 07:21 - 00003583 _____ () C:\Users\David\AppData\Local\MRDownloader.err
2015-02-10 19:13 - 2014-12-14 21:23 - 00002142 _____ () C:\Windows\MB.idx
2015-02-08 18:13 - 2014-11-29 19:41 - 00080383 _____ () C:\Windows\DirectX.log
2015-02-05 07:08 - 2014-11-28 23:17 - 00084992 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-04 07:42 - 2014-11-30 09:36 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 07:42 - 2014-11-30 09:36 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 20:27 - 2014-11-29 19:44 - 00000000 ____D () C:\Users\David\AppData\Local\JDownloader v2.0
2015-01-31 20:22 - 2014-12-02 20:05 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-01-28 19:49 - 2014-12-20 16:46 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2015-01-28 19:48 - 2014-11-28 23:51 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 19:48 - 2014-11-28 23:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 10:57 - 2014-12-03 18:33 - 00001057 _____ () C:\Users\David\AppData\Roaming\vso_ts_preview.xml
2015-01-25 10:57 - 2014-12-03 18:33 - 00000000 ____D () C:\Users\David\AppData\Roaming\Vso
2015-01-24 22:44 - 2014-11-29 07:31 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2015-01-24 22:44 - 2014-11-29 07:31 - 00001080 _____ () C:\Windows\system32\settings.sfm
2015-01-23 20:31 - 2014-11-29 06:58 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 20:30 - 2014-11-29 06:58 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-23 20:30 - 2014-11-29 06:58 - 00000000 ____D () C:\Program Files\Java
2015-01-22 07:26 - 2014-12-06 13:32 - 00002252 ____H () C:\Users\David\Documents\Default.rdp
2015-01-22 07:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-20 20:03 - 2014-12-01 09:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-19 07:36 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 19:24 - 2015-01-09 20:24 - 00000000 ____D () C:\Users\David\Documents\Bound by Flame

==================== Files in the root of some directories =======

2014-11-30 09:30 - 2014-05-24 20:09 - 0042496 ___SH (Open Source Software community project) C:\Users\David\AppData\Roaming\pthreadGC2-w64.dll
2014-12-03 18:33 - 2015-01-25 10:57 - 0001057 _____ () C:\Users\David\AppData\Roaming\vso_ts_preview.xml
2014-12-10 19:26 - 2015-01-04 11:54 - 2128896 _____ () C:\Users\David\AppData\Local\file__0.localstorage
2014-12-09 07:21 - 2015-02-11 18:04 - 0003583 _____ () C:\Users\David\AppData\Local\MRDownloader.err
2014-11-30 19:32 - 2015-02-11 18:57 - 0001120 _____ () C:\Users\David\AppData\Local\MRDownloader.nast
2015-02-12 07:10 - 2015-02-12 07:10 - 0029696 _____ () C:\Users\David\AppData\Local\MSGBOX.EXE
2015-02-11 20:28 - 2015-02-11 20:28 - 0007615 _____ () C:\Users\David\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 14:53

==================== End Of Log ============================

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  Task: {11A95A16-BF7A-474D-B21C-EAD5E8787232} - System32\Tasks\ASUS\i-Setup185308 => C:\Windows\MEI-Win7-8-8-1_VER10001204\AsusSetup.exe [2014-11-29] (ASUSTeK Computer Inc.)
  Task: {69F6CA60-863B-44F6-B30F-EEB5A45B7EE1} - System32\Tasks\ASUS\i-Setup060636 => C:\Windows\Install\AsusSetup.exe [2014-11-28] (ASUSTeK Computer Inc.)
  EmptyTemp:
  End
  

[doctord]

Po restartu již nevyskakují chyby.
Vytížení procesoru stejné.
Po spuštění Chrome se snaží vždy po tomto procesu instalovat addblock(nebo něco podobného),což dřív nedělalo.

Kód: Vybrat vše

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by David at 2015-02-12 19:54:13 Run:2
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available profiles: David)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
Task: {11A95A16-BF7A-474D-B21C-EAD5E8787232} - System32\Tasks\ASUS\i-Setup185308 => C:\Windows\MEI-Win7-8-8-1_VER10001204\AsusSetup.exe [2014-11-29] (ASUSTeK Computer Inc.)
Task: {69F6CA60-863B-44F6-B30F-EEB5A45B7EE1} - System32\Tasks\ASUS\i-Setup060636 => C:\Windows\Install\AsusSetup.exe [2014-11-28] (ASUSTeK Computer Inc.)
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11A95A16-BF7A-474D-B21C-EAD5E8787232}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11A95A16-BF7A-474D-B21C-EAD5E8787232}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASUS\i-Setup185308 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\i-Setup185308" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69F6CA60-863B-44F6-B30F-EEB5A45B7EE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69F6CA60-863B-44F6-B30F-EEB5A45B7EE1}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASUS\i-Setup060636 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\i-Setup060636" => Key deleted successfully.
EmptyTemp: => Removed 65.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 19:54:18 ====

[altrok]

Vytížení procesoru stejné.

Mate na mysli stale 25%? Jake 3 procesy procesor vytezuji nejvic?

Po spuštění Chrome se snaží vždy po tomto procesu instalovat addblock(nebo něco podobného),což dřív nedělalo.

Pri aplikovani fixlistu se vzdy smaze i historie a cache prohlizecu, takze prvni spusteni muze trvat dele, pripadne vykazovat neobvykle chovani.

[doctord]

Vytížení je 95% jako Nečinné procesy systému, paměť na 25kB.

[altrok]

Necinne procesy = rezerva systemu... jedna se o volne prostredky, ktere jeste mohou byt vyuzivany.

Z toho plyne, ze celkove vytizeni procesoru Vaseho PC je 5 %. BitCoin miner byl smazan, tezko rict jestli to pro Vas melo vychovny efekt, ze se cracky nevyplati stahovat (BitCoin miner je seno... pockejte az narazite na nejaky kryptovir, ktery Vam nenavratne zasifruje vsechny soubory na disku ), takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[doctord]

Děkuji za pomoc.
Vyzkouším, jelikož tento stav vytížení procesoru jsem měl už i předtím resp. ony nečinné procesy, ale procesor opravdu jen na max.
Projedu tento příspěvek ještě jednou a zkusím to pochopit.

Ještě jednou díky, crack je jasná příčina...je mi to jasné!