Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

(po)infekční preventivka

Nemáte v tuto chvíli žádný problém s pc a chcete se jen ujistit, že je vše v pořádku?
Vložte log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
NoR
Návštěvník
Návštěvník
Příspěvky: 51
Registrován: 19 led 2012 17:18

(po)infekční preventivka

#1 Příspěvek od NoR »

Ahoj, chtěl bych vás poprosit o kontrolu logu a případnou pomoc. Při spuštění utorrent clienta mi Avast zahlásil Win32:Dropper-gen [Drp] v souboru utorrent.exe a přesunul ho do truhly, což není úplně ideální stav,
protože ho teď nemůžu spustit. Na druhou stranu mít tady nějakého šmejda není taky žádná výhra... tak předem děkuju za ochotu. :)


Logfile of random's system information tool 1.10 (written by random/random)
Run by resiczek at 2015-04-01 23:33:26
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 196 GB (27%) free of 715 GB
Total RAM: 5996 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:33:27, on 1.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\SafeQ\SafeQ_cli.exe
C:\Users\resiczek\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\resiczek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {31264a33-a653-46c4-af49-1232c59a7da5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BS Player ControlBar B - {31264a33-a653-46c4-af49-1232c59a7da5} - (no file)
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {31264a33-a653-46c4-af49-1232c59a7da5} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SafeQClient] C:\Program Files (x86)\SafeQ\SafeQ_cli.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1029
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = resiczek\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: NI Error Reporting (64-bit).lnk = C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
O4 - Global Startup: NI Error Reporting.lnk = C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NI Citadel 4 Service (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: NI PSP Service Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: NI Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: NI Authentication Service (niauth) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
O23 - Service: NI Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI License Server (NILM License Manager) - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI Network Discovery (NINetworkDiscovery) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
O23 - Service: NI Service Locator (NiSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
O23 - Service: NI System Web Server (NISystemWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: NI Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SysWOW64\Opcenum.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Toolbar Service (TBSrv) - ClientConnect Ltd. - C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14897 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
C:\Windows\system32\hasplms.exe -run
C:\Windows\SysWOW64\lkads.exe
"C:\Program Files (x86)\National Instruments\MAX\nimxs.exe"
"C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe" -start
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
"C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe" -s
"C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 2f592fc6-c605-4c3d-99f7-bd729ba70620 1
\??\C:\Windows\system32\conhost.exe "1326728572-1642860175-55422365520786072021713216871-193607754-5012868041801228008
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-763498323-965088115-1896627666-501690672-19792672548839012412074400745-712521535
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user
NIWebServiceContainer.exe {AB9C43DC-9DC8-43DC-96AF-6E8CCCC9F98E} 3428 784 21
"C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
NIWebServiceContainer.exe {B9A106FD-61C5-4904-9940-62489B3358FC} 4512 800 21
NIWebServiceContainer.exe {012557BC-8E0C-4582-9F12-5B65F8D32A1E} 3428 836 21
"C:\Program Files (x86)\SafeQ\SafeQ_cli.exe"
"C:\Users\resiczek\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
NIWebServiceContainer.exe {0F3DEF4E-EA06-40B9-828C-37CEB7AAEB4C} 3428 852 21
"C:\Program Files (x86)\Launch Manager\LManager.exe"
NIWebServiceContainer.exe {B9649DBF-D552-4D2B-BE29-3D1F031A5873} 3428 864 21
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
ngservice.exe pipeserver
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6584.0.2067217102\2028988438" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,40 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.3347 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/QUIC/NoIdForLargePopulation/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=6584 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="6584.2.1049934760\252719876" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/NoIdForLargePopulation/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJanuary2017/HTTP/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=6584 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="6584.29.446000348\1951216777" /prefetch:673131151
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-359787e8-3c82-4c02-94ca-3d339fde39d9 -SystemEventPortName:HostProcess-2133f154-647a-40b5-83b2-baa3140a2ac8 -IoCancelEventPortName:HostProcess-ee39c467-cba3-450b-98b2-5a2d839e88ba -NonStateChangingEventPortName:HostProcess-6d91d726-657d-4999-ba34-6ad31d51ef35 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:614bc068-d6a0-4cbd-9b10-f44207f345d4 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/NoIdForLargePopulation/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJanuary2017/HTTP/SHA1ToolbarUIJune2016/Warning/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=6584 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="6584.86.1188523056\2052600450" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="6584.87.1978986186\286508468" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/NoIdForLargePopulation/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJanuary2017/HTTP/SHA1ToolbarUIJune2016/Warning/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Disabled/" --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=6584 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="6584.165.1650581394\1848070730" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/NoIdForLargePopulation/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJanuary2017/HTTP/SHA1ToolbarUIJune2016/Warning/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=6584 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="6584.171.1148430710\1962843284" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/NoIdForLargePopulation/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJanuary2017/HTTP/SHA1ToolbarUIJune2016/Warning/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=6584 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="6584.174.1063841632\192213813" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/StandardR4/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/NoIdForLargePopulation/RememberCertificateErrorDecisions/Default/SHA1ToolbarUIJanuary2017/HTTP/SHA1ToolbarUIJune2016/Warning/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/group_01/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=6584 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="6584.177.1444370621\453731581" /prefetch:673131151
"C:\Users\resiczek\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\resiczek\AppData\Roaming\Mozilla\Firefox\Profiles\tharto48.default

prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/npbattlelog,version=2.6.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nplv2012win32.dll
nplv2013win32.dll
nplv2014win32.dll
nplv2014win64.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-19 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10 886488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264a33-a653-46c4-af49-1232c59a7da5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-20 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-19 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10 710864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10 1729744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{31264a33-a653-46c4-af49-1232c59a7da5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2014-01-30 171992]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2014-01-30 399832]
"Persistence"=C:\Windows\system32\igfxpers.exe [2014-01-30 442328]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-01-20 615584]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-01-20 379552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"=C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [2010-07-22 2636800]
"NIRegistrationWizard"=C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [2013-04-19 847000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 7\ashsnap.exe [2014-11-27 5729112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe [2011-07-29 442880]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-03-30 5227648]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2000-01-01 113288]
"SafeQClient"=C:\Program Files (x86)\SafeQ\SafeQ_cli.exe [2014-08-22 493056]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2014-12-20 1103440]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NI Error Reporting (64-bit).lnk - C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
NI Error Reporting.lnk - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
vpngui.exe.lnk - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe

C:\Users\resiczek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\resiczek\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2014-01-30 442880]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-03-29 17:43:13 ----D---- C:\Program Files (x86)\WinSCP
2015-03-29 15:34:52 ----D---- C:\Users\resiczek\AppData\Roaming\PSpad
2015-03-29 15:34:26 ----D---- C:\Program Files (x86)\PSPad editor
2015-03-27 23:00:50 ----D---- C:\Program Files (x86)\Statgraphics
2015-03-27 22:02:47 ----D---- C:\Users\resiczek\AppData\Roaming\uTorrent
2015-03-27 20:21:23 ----D---- C:\Program Files (x86)\DAMN NFO Viewer
2015-03-21 18:25:07 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2015-03-21 18:24:58 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2015-03-21 18:24:56 ----DC---- C:\Windows\system32\DRVSTORE
2015-03-21 18:24:52 ----D---- C:\Program Files\Oracle
2015-03-20 12:28:11 ----SHD---- C:\Windows\SYSWOW64\AI_RecycleBin
2015-03-20 12:27:53 ----D---- C:\ProgramData\JKI
2015-03-20 12:27:53 ----D---- C:\Program Files (x86)\JKI
2015-03-20 12:15:48 ----D---- C:\Windows\system32\cvirte
2015-03-20 12:15:44 ----D---- C:\Windows\SYSWOW64\cvirte
2015-03-20 12:15:05 ----D---- C:\Program Files\National Instruments
2015-03-20 11:30:38 ----D---- C:\ProgramData\National Instruments
2015-03-20 11:29:24 ----D---- C:\National Instruments Downloads
2015-03-16 18:56:43 ----D---- C:\Windows\SYSWOW64\RTCOM
2015-03-16 18:56:43 ----D---- C:\Program Files\Realtek
2015-03-16 18:55:59 ----A---- C:\Windows\system32\YamahaAE.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\WavesGUILib64.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\tossaeapo64.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\toseaeapo64.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\tosasfapo64.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\tosade.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\tepeqapo64.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\tadefxapo264.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\tadefxapo.dll
2015-03-16 18:55:59 ----A---- C:\Windows\system32\SRSWOW64.dll
2015-03-16 18:55:58 ----A---- C:\Windows\system32\SRSTSX64.dll
2015-03-16 18:55:58 ----A---- C:\Windows\system32\SRSTSH64.dll
2015-03-16 18:55:58 ----A---- C:\Windows\system32\SRSHP64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\SYSWOW64\SRCOM.dll
2015-03-16 18:55:57 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\SRRPTR64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\SRCOM64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\SRCOM.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\SRAPO64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\sltech64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\slprp64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\slcnt64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\sl3apo64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\SFSS_APO.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\SFNHK64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\SFCOM64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\SFAPO64.dll
2015-03-16 18:55:57 ----A---- C:\Windows\system32\drivers\rtvienna.dat
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RtPgEx64.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RtkCoLDR64.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RtkCfg64.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RtkApi64.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RTEEP64A.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RTEEL64A.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RTEEG64A.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RTEED64A.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\RtDataProc64.dll
2015-03-16 18:55:56 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2015-03-16 18:55:55 ----A---- C:\Windows\system32\RTCOM64.dll
2015-03-16 18:55:55 ----A---- C:\Windows\system32\RP3DHT64.dll
2015-03-16 18:55:55 ----A---- C:\Windows\system32\RP3DAA64.dll
2015-03-16 18:55:55 ----A---- C:\Windows\system32\RltkAPO64.dll
2015-03-16 18:55:55 ----A---- C:\Windows\system32\RCoRes64.dat
2015-03-16 18:55:55 ----A---- C:\Windows\system32\RCoInstII64.dll
2015-03-16 18:55:55 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2015-03-16 18:55:54 ----A---- C:\Windows\system32\R4EEP64A.dll
2015-03-16 18:55:54 ----A---- C:\Windows\system32\R4EEL64A.dll
2015-03-16 18:55:54 ----A---- C:\Windows\system32\R4EEG64A.dll
2015-03-16 18:55:54 ----A---- C:\Windows\system32\R4EED64A.dll
2015-03-16 18:55:54 ----A---- C:\Windows\system32\R4EEA64A.dll
2015-03-16 18:55:54 ----A---- C:\Windows\system32\NahimicAPONSControl.dll
2015-03-16 18:55:54 ----A---- C:\Windows\system32\NAHIMICAPOlfx.dll
2015-03-16 18:55:54 ----A---- C:\Windows\system32\MISS_APO.dll
2015-03-16 18:55:53 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-03-16 18:55:53 ----A---- C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-03-16 18:55:53 ----A---- C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-03-16 18:55:53 ----A---- C:\Windows\system32\MaxxSpeechAPO64.dll
2015-03-16 18:55:52 ----A---- C:\Windows\system32\MaxxAudioRealtek64.dll
2015-03-16 18:55:52 ----A---- C:\Windows\system32\MaxxAudioEQ64.dll
2015-03-16 18:55:52 ----A---- C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-03-16 18:55:52 ----A---- C:\Windows\system32\MaxxAudioAPO6064.dll
2015-03-16 18:55:52 ----A---- C:\Windows\system32\MaxxAudioAPO5064.dll
2015-03-16 18:55:52 ----A---- C:\Windows\system32\MaxxAudioAPO4064.dll
2015-03-16 18:55:52 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2015-03-16 18:55:52 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2015-03-16 18:55:51 ----A---- C:\Windows\system32\KAAPORT64.dll
2015-03-16 18:55:51 ----A---- C:\Windows\system32\ICEsoundAPO64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\FMAPO64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSU2PREC64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSU2PLFX64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSU2PGFX64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2015-03-16 18:55:50 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-03-16 18:55:49 ----D---- C:\Program Files (x86)\Realtek
2015-03-16 18:55:49 ----A---- C:\Windows\system32\DDPP64A.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\DDPO64A.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\DDPD64A.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\DDPA64.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\CX64APO.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\audioLibVc.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\AERTAR64.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\AERTAC64.dll
2015-03-16 18:55:49 ----A---- C:\Windows\system32\AcpiServiceVnA64.dll
2015-03-16 18:55:29 ----A---- C:\Windows\RtlExUpd.dll
2015-03-16 18:54:34 ----D---- C:\ProgramData\SlimWare Utilities, Inc
2015-03-16 18:48:19 ----D---- C:\ProgramData\DriverGenius
2015-03-16 18:48:07 ----D---- C:\Program Files (x86)\Driver-Soft
2015-03-16 18:35:46 ----A---- C:\Windows\system32\VBoxNetFltNobj.dll
2015-03-16 18:35:46 ----A---- C:\Windows\system32\drivers\VBoxUSB.sys
2015-03-16 18:35:46 ----A---- C:\Windows\system32\drivers\VBoxNetFlt.sys
2015-03-16 18:35:46 ----A---- C:\Windows\system32\drivers\VBoxNetAdp.sys
2015-03-09 15:51:59 ----D---- C:\ProgramData\SafeNet Sentinel
2015-03-09 15:51:59 ----AD---- C:\ProgramData\Metrino
2015-03-09 15:50:24 ----A---- C:\Windows\system32\drivers\aksdf.sys
2015-03-09 15:50:21 ----A---- C:\Windows\system32\hasplms.exe
2015-03-09 15:50:21 ----A---- C:\Windows\system32\aksllmtp.exe
2015-03-09 15:50:20 ----A---- C:\Windows\system32\drivers\aksfridge.sys
2015-03-09 15:50:17 ----A---- C:\Windows\system32\drivers\hardlock.sys
2015-03-09 15:50:11 ----A---- C:\Windows\SYSWOW64\hlvdd.dll
2015-03-09 15:48:45 ----D---- C:\Program Files (x86)\National Instruments
2015-03-09 15:48:43 ----D---- C:\ProgramData\Exfo
2015-03-09 15:48:43 ----D---- C:\Program Files (x86)\EXFO
2015-03-09 15:48:43 ----D---- C:\Program Files (x86)\Business Objects
2015-03-06 23:47:13 ----D---- C:\Program Files (x86)\PANDORA.TV
2015-03-06 23:46:49 ----D---- C:\Program Files (x86)\The KMPlayer
2015-03-06 19:33:43 ----D---- C:\Users\resiczek\AppData\Roaming\cYo
2015-03-06 19:31:13 ----D---- C:\Program Files\ComicRack
2015-03-02 21:28:34 ----D---- C:\Users\resiczek\AppData\Roaming\LibreOffice
2015-03-02 21:25:28 ----D---- C:\Program Files (x86)\LibreOffice 4

======List of files/folders modified in the last 1 month======

2015-04-01 23:33:26 ----D---- C:\Program Files\trend micro
2015-04-01 21:16:38 ----D---- C:\Windows\Temp
2015-04-01 21:02:35 ----D---- C:\Windows\System32
2015-04-01 21:02:35 ----D---- C:\Windows\inf
2015-04-01 21:02:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-01 20:42:58 ----D---- C:\Windows\system32\config
2015-04-01 20:02:55 ----D---- C:\Users\resiczek\AppData\Roaming\Dropbox
2015-04-01 19:07:52 ----D---- C:\Windows
2015-04-01 15:12:36 ----D---- C:\Program Files (x86)\Steam
2015-04-01 14:33:22 ----D---- C:\Users\resiczek\AppData\Roaming\DAEMON Tools Lite
2015-04-01 14:32:57 ----D---- C:\Windows\Logs
2015-04-01 14:26:35 ----D---- C:\Windows\Prefetch
2015-03-30 12:45:47 ----D---- C:\Windows\system32\catroot2
2015-03-29 17:43:13 ----RD---- C:\Program Files (x86)
2015-03-27 23:01:25 ----SHD---- C:\Windows\Installer
2015-03-27 23:01:08 ----D---- C:\Windows\SysWOW64
2015-03-27 23:00:26 ----SHD---- C:\System Volume Information
2015-03-27 22:54:34 ----D---- C:\Users\resiczek\AppData\Roaming\deluge
2015-03-26 23:22:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-03-23 14:29:59 ----D---- C:\Windows\system32\Tasks
2015-03-22 13:10:35 ----D---- C:\Windows\system32\drivers
2015-03-21 18:25:23 ----D---- C:\Windows\system32\DriverStore
2015-03-21 18:25:23 ----D---- C:\Windows\system32\catroot
2015-03-21 18:24:52 ----RD---- C:\Program Files
2015-03-20 12:49:59 ----RSD---- C:\Windows\assembly
2015-03-20 12:27:53 ----AHD---- C:\ProgramData
2015-03-20 12:27:14 ----D---- C:\Program Files (x86)\Common Files
2015-03-20 12:17:22 ----D---- C:\Windows\winsxs
2015-03-20 12:16:40 ----D---- C:\Program Files (x86)\Internet Explorer
2015-03-16 19:01:00 ----D---- C:\Windows\Tasks
2015-03-16 18:57:18 ----HD---- C:\Program Files (x86)\Temp
2015-03-16 18:55:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-03-13 10:37:08 ----D---- C:\Windows\Microsoft.NET
2015-03-13 10:32:52 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-03-13 10:30:48 ----D---- C:\Program Files\Microsoft Office 15
2015-03-09 15:53:29 ----SD---- C:\Users\resiczek\AppData\Roaming\Microsoft
2015-03-09 15:50:28 ----D---- C:\Windows\system32\Setup
2015-03-09 15:49:31 ----RSD---- C:\Windows\Fonts
2015-03-09 00:35:13 ----D---- C:\Windows\system32\wdi
2015-03-08 17:36:56 ----D---- C:\Windows\system32\FxsTmp
2015-03-05 19:21:28 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-19 267632]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-24 633704]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-24 28008]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2014-12-13 31376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-19 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-19 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-19 436624]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-12-20 283064]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO64A.SYS [2014-12-20 26528]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2015-03-16 922704]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2015-03-16 128592]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2013-08-01 91784]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2013-08-01 140736]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-19 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-19 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-19 116728]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2013-08-01 331328]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-19 271752]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2014-07-22 4059136]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2012-08-13 72280]
R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2012-08-13 21080]
R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2013-07-23 59088]
R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2014-01-10 82128]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2014-06-30 30848]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2011-03-04 306536]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-16 157968]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2014-01-30 5363200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2000-01-01 4263128]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-09-26 454416]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2013-10-29 458960]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2012-08-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2012-08-27 226696]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2015-03-16 141440]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2015-03-16 156360]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2014-07-15 86144]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2014-07-15 335488]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2014-07-15 108672]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-01-20 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-01-20 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2014-06-30 133760]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2014-08-28 599752]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2014-12-20 21712]
S3 FairplayKD;FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys []
S3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2015-03-16 116232]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-01-20 76448]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-19 50344]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-02-10 2714800]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2011-03-04 1529856]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2014-12-20 353360]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 hasplms;Sentinel LDK License Manager; C:\Windows\system32\hasplms.exe [2013-08-01 4609928]
R2 LkCitadelServer;NI Citadel 4 Service; C:\Windows\SysWOW64\lkcitdl.exe [2014-12-02 695136]
R2 lkClassAds;NI PSP Service Locator; C:\Windows\SysWOW64\lkads.exe [2014-06-09 53032]
R2 lkTimeSync;NI Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2014-06-09 63280]
R2 mxssvr;NI Configuration Manager; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [2015-01-09 84792]
R2 NIApplicationWebServer;NI Application Web Server; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2014-11-21 57184]
R2 niauth;NI Authentication Service; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [2014-10-23 569152]
R2 NIDomainService;NI Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2014-06-09 394544]
R2 nimDNSResponder;NI mDNS Responder Service; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2014-06-06 320368]
R2 NINetworkDiscovery;NI Network Discovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2014-06-20 177536]
R2 NiSvcLoc;NI Service Locator; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [2014-06-06 89928]
R2 NISystemWebServer;NI System Web Server; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2014-11-21 57168]
R2 NITaggerService;NI Variable Engine; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [2014-06-10 692040]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-12-13 935240]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-12-31 75136]
R2 TBSrv;Toolbar Service; C:\Program Files (x86)\Tbccint\ToolbarService\ToolbarService.exe [2014-09-30 350528]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-19 4012248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2014-01-30 279000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-12-19 114688]
S3 NILM License Manager;NI License Server; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2010-08-02 1427688]
S3 OpcEnum;OpcEnum; C:\Windows\SysWOW64\Opcenum.exe [2013-05-21 172832]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2014-12-28 1903472]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-12-13 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2014-12-13 5132888]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-12-19 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit); C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2014-11-21 80736]

-----------------EOF-----------------
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7315
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: (po)infekční preventivka

#2 Příspěvek od altrok »

Zdravim :bye:


:arrow: Nedavna oficialni verze utorrentu obsahuje BitCoin miner.

:arrow: V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan, pote na Cleaning
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
NoR
Návštěvník
Návštěvník
Příspěvky: 51
Registrován: 19 led 2012 17:18

Re: (po)infekční preventivka

#3 Příspěvek od NoR »

Ahoj, o tom mineru jsem četl, je to od nich pěkný dáreček :roll: Ona ta pověst a kvalita utorrent upadá už docela dlouho, z toho důvodu jsem nějakou dobu používal Deluge a asi před týdnem jsem se rozhodl vyzkoušet utorrent ve verzi 2.2.1 (25534), protože se mi na některé trackery v deluge nepodařilo připojit. Jinak tu verzi 2.2.1 jsem stahoval z utorrent.cz ve víře, že by tam mohla být čistá, ale asi není... :boxed:

Tady je log (trochu zlobí diakritika):

# AdwCleaner v4.200 - Log vytvooen 02/04/2015 v 15:12:17
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operaení system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : resiczek - UNKNOWN
# Spuštino z : C:\Users\resiczek\Desktop\adwcleaner_4.200.exe
# Nastavení : Eištiní

***** [ Služby ] *****

[#] Služba Smazáno : PanService
[#] Služba Smazáno : TBSrv

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\Tbccint
Složka Smazáno : C:\Program Files (x86)\eSupport.com
Složka Smazáno : C:\Program Files (x86)\Tbccint
Složka Smazáno : C:\Program Files (x86)\PANDORA.TV
Složka Smazáno : C:\Users\resiczek\AppData\Local\eSupport.com
Složka Smazáno : C:\Users\resiczek\AppData\Local\Tbccint
Složka Smazáno : C:\Users\resiczek\AppData\LocalLow\Tbccint
Složka Smazáno : C:\Users\resiczek\AppData\LocalLow\BS_Player_ControlBar_B
Soubor Smazáno : C:\END

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíe Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3329621
Klíe Smazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{31264A33-A653-46C4-AF49-1232C59A7DA5}]
Klíe Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Klíe Smazáno : HKCU\Software\Conduit
Klíe Smazáno : HKCU\Software\eSupport.com
Klíe Smazáno : HKCU\Software\Tbccint
Klíe Smazáno : HKCU\Software\Tbccint_HKLM
Klíe Smazáno : HKCU\Software\AppDataLow\Toolbar
Klíe Smazáno : HKCU\Software\AppDataLow\Software\Tbccint
Klíe Smazáno : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
Klíe Smazáno : HKLM\SOFTWARE\Conduit
Klíe Smazáno : HKLM\SOFTWARE\Driver-Soft

***** [ Prohlížeee ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 cs)


-\\ Google Chrome v41.0.2272.101

[C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [3293 bytu] - [02/04/2015 15:11:21]
AdwCleaner[S0].txt - [3000 bytu] - [02/04/2015 15:12:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3058 bytu] ##########
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7315
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: (po)infekční preventivka

#4 Příspěvek od altrok »

Torrenty v absolutni vetsine pripadu slouzi ke sdileni warezu, coz je v rozporu s pravidly fora a tudiz se k nim dale vyjadrovat nebudu.

O diakritice vime a opravena verze byla autorovi AdwCleaneru pred par dny zaslana - s dalsim updatem ocekavame zlepseni.


Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
NoR
Návštěvník
Návštěvník
Příspěvky: 51
Registrován: 19 led 2012 17:18

Re: (po)infekční preventivka

#5 Příspěvek od NoR »

Chápu... :oops:

tady to je:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by resiczek (administrator) on UNKNOWN on 02-04-2015 16:02:49
Running from C:\Users\resiczek\Desktop
Loaded Profiles: resiczek (Available profiles: resiczek)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\resiczek\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(VŠB-TU Ostrava) C:\Program Files (x86)\SafeQ\SafeQ_cli.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\resiczek\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-20] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-01-20] (Atheros Commnucations)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-30] (AVAST Software)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2000-01-01] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SafeQClient] => C:\Program Files (x86)\SafeQ\SafeQ_cli.exe [493056 2014-08-22] (VŠB-TU Ostrava)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2014-12-20] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-57012456-698976538-1097888024-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [2636800 2010-07-22] ()
HKU\S-1-5-21-57012456-698976538-1097888024-1000\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-57012456-698976538-1097888024-1000\...\MountPoints2: {c9f0139d-87d4-11e4-8f2c-ec55f9300020} - F:\MafiaLauncher.EXE
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting (64-bit).lnk
ShortcutTarget: NI Error Reporting (64-bit).lnk -> C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\resiczek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\resiczek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\resiczek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-19] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-01] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-01-20] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-19] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-01] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 08 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\resiczek\AppData\Roaming\Mozilla\Firefox\Profiles\tharto48.default
FF Homepage: https://www.seznam.cz/
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-12-20] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2014-05-13] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2014-04-02] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win32.dll [2015-01-25] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win64.dll [2014-08-29] ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-19]

Chrome:
=======
CHR HomePage: Default -> https://www.seznam.cz/
CHR StartupUrls: Default -> "https://www.seznam.cz/"
CHR Profile: C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-19]
CHR Extension: (Pulp Fiction) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aekkjaiiepaconejahnnefpbocaagiml [2014-12-20]
CHR Extension: (BetterTTV) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-12-19]
CHR Extension: (Google Docs) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-19]
CHR Extension: (Google Drive) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]
CHR Extension: (YouTube) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]
CHR Extension: (Google Search) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]
CHR Extension: (AdBlock) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-19]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2014-12-31]
CHR Extension: (Google Wallet) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Gmail) - C:\Users\resiczek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-01-20] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-19] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-12-02] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53032 2014-06-09] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63280 2014-06-09] (National Instruments Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84792 2015-01-09] (National Instruments Corporation)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2014-11-21] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2014-11-21] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [569152 2014-10-23] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [394544 2014-06-09] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177536 2014-06-20] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2014-06-06] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2014-11-21] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-28] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-12-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-19] ()
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [335488 2014-07-15] (Qualcomm Atheros) [File not signed]
S3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [108672 2014-07-15] () [File not signed]
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-20] (Disc Soft Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [26528 2014-12-20] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-24] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-19] (Avast Software)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116232 2015-03-16] (Oracle Corporation)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 16:02 - 2015-04-02 16:03 - 00026709 _____ () C:\Users\resiczek\Desktop\FRST.txt
2015-04-02 16:02 - 2015-04-02 16:02 - 00000000 ____D () C:\FRST
2015-04-02 16:01 - 2015-04-02 16:01 - 02095616 _____ (Farbar) C:\Users\resiczek\Desktop\FRST64.exe
2015-04-02 16:00 - 2015-04-02 16:00 - 00112640 _____ (forum.viry.cz) C:\Users\resiczek\Desktop\FRSTLauncher.exe
2015-04-02 15:16 - 2015-04-02 15:16 - 00000197 _____ () C:\Windows\system32\2015-04-02-13-16-21.036-AvastVBoxSVC.exe-3100.log
2015-04-02 15:11 - 2015-04-02 15:12 - 00000000 ____D () C:\AdwCleaner
2015-04-02 15:10 - 2015-04-02 15:10 - 02208768 _____ () C:\Users\resiczek\Desktop\adwcleaner_4.200.exe
2015-04-02 13:31 - 2015-04-02 13:31 - 00000197 _____ () C:\Windows\system32\2015-04-02-11-31-57.066-AvastVBoxSVC.exe-3356.log
2015-04-02 08:58 - 2015-04-02 08:58 - 00000197 _____ () C:\Windows\system32\2015-04-02-06-58-51.033-AvastVBoxSVC.exe-4920.log
2015-04-01 20:04 - 2015-04-01 20:04 - 00000197 _____ () C:\Windows\system32\2015-04-01-18-04-48.073-AvastVBoxSVC.exe-6648.log
2015-04-01 19:07 - 2015-04-02 15:14 - 00000896 _____ () C:\Windows\setupact.log
2015-04-01 19:07 - 2015-04-01 19:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 14:24 - 2015-04-01 14:24 - 00000197 _____ () C:\Windows\system32\2015-04-01-12-24-38.023-AvastVBoxSVC.exe-6032.log
2015-04-01 13:28 - 2015-04-01 13:28 - 00000197 _____ () C:\Windows\system32\2015-04-01-11-28-23.074-AvastVBoxSVC.exe-5840.log
2015-04-01 12:50 - 2015-04-01 12:50 - 00000197 _____ () C:\Windows\system32\2015-04-01-10-50-00.045-AvastVBoxSVC.exe-5424.log
2015-03-31 14:54 - 2015-03-31 14:54 - 00000197 _____ () C:\Windows\system32\2015-03-31-12-54-35.042-AvastVBoxSVC.exe-3124.log
2015-03-31 13:33 - 2015-03-31 13:34 - 00000000 ____D () C:\Users\resiczek\Desktop\Nová složka
2015-03-31 13:32 - 2015-03-31 13:32 - 00000197 _____ () C:\Windows\system32\2015-03-31-11-32-10.056-AvastVBoxSVC.exe-3388.log
2015-03-30 12:47 - 2015-03-30 12:48 - 00000197 _____ () C:\Windows\system32\2015-03-30-10-47-42.030-AvastVBoxSVC.exe-5412.log
2015-03-30 08:30 - 2015-03-30 08:30 - 00000197 _____ () C:\Windows\system32\2015-03-30-06-30-28.005-AvastVBoxSVC.exe-5064.log
2015-03-29 18:45 - 2015-03-29 18:45 - 00762883 _____ () C:\Users\resiczek\Desktop\STA1 - Projekt ze statistiky. - 29.03.2015.rar
2015-03-29 18:45 - 2015-03-29 18:45 - 00568693 _____ () C:\Users\resiczek\Desktop\STA1 - STA - Exploratorní analýza dat - 29.03.2015.zip
2015-03-29 18:18 - 2015-03-29 18:22 - 925892608 _____ () C:\Users\resiczek\Desktop\ubuntu-13.10-desktop-amd64.iso
2015-03-29 18:17 - 2015-03-29 18:17 - 02560216 _____ () C:\Users\resiczek\Desktop\wubi.exe
2015-03-29 18:05 - 2015-04-01 15:14 - 00000600 _____ () C:\Users\resiczek\AppData\Roaming\winscp.rnd
2015-03-29 17:43 - 2015-03-29 17:43 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2015-03-29 17:43 - 2015-03-29 17:43 - 00000975 _____ () C:\Users\Public\Desktop\WinSCP.lnk
2015-03-29 17:43 - 2015-03-29 17:43 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2015-03-29 15:34 - 2015-03-29 15:37 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\PSpad
2015-03-29 15:34 - 2015-03-29 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor
2015-03-29 15:34 - 2015-03-29 15:34 - 00000000 ____D () C:\Program Files (x86)\PSPad editor
2015-03-29 14:03 - 2015-03-29 14:03 - 00000000 ____D () C:\Users\resiczek\Documents\sharedlinux
2015-03-29 10:12 - 2015-03-29 10:12 - 00000197 _____ () C:\Windows\system32\2015-03-29-08-12-02.083-AvastVBoxSVC.exe-4236.log
2015-03-28 10:09 - 2015-03-28 10:09 - 00000197 _____ () C:\Windows\system32\2015-03-28-08-09-10.054-AvastVBoxSVC.exe-828.log
2015-03-27 23:11 - 2015-03-29 00:03 - 00000000 ____D () C:\Users\resiczek\Documents\Torrentz - completed
2015-03-27 23:01 - 2015-03-27 23:01 - 00002214 _____ () C:\Users\Public\Desktop\Statgraphics.lnk
2015-03-27 23:01 - 2015-03-27 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Statgraphics Centurion XVI.II
2015-03-27 23:00 - 2015-03-27 23:00 - 00000000 ____D () C:\Program Files (x86)\Statgraphics
2015-03-27 22:54 - 2015-03-27 22:54 - 00000736 _____ () C:\Users\resiczek\AppData\Local\recently-used.xbel
2015-03-27 22:02 - 2015-04-02 14:18 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\uTorrent
2015-03-27 22:02 - 2015-03-27 22:02 - 00000958 _____ () C:\Users\resiczek\Desktop\µTorrent.lnk
2015-03-27 22:02 - 2015-03-27 22:02 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2015-03-27 20:21 - 2015-03-27 20:21 - 00000000 ____D () C:\Program Files (x86)\DAMN NFO Viewer
2015-03-27 17:01 - 2015-03-27 17:01 - 00000197 _____ () C:\Windows\system32\2015-03-27-15-01-21.065-AvastVBoxSVC.exe-4396.log
2015-03-27 10:41 - 2015-03-27 10:41 - 00000197 _____ () C:\Windows\system32\2015-03-27-08-41-36.058-AvastVBoxSVC.exe-5772.log
2015-03-26 08:32 - 2015-03-26 08:33 - 00000197 _____ () C:\Windows\system32\2015-03-26-06-32-48.040-AvastVBoxSVC.exe-2072.log
2015-03-25 21:04 - 2015-03-25 21:04 - 00027136 _____ () C:\Users\resiczek\Downloads\3DFF.tmp
2015-03-25 20:44 - 2015-03-25 20:44 - 00000197 _____ () C:\Windows\system32\2015-03-25-18-44-14.088-AvastVBoxSVC.exe-5172.log
2015-03-25 13:28 - 2015-03-25 13:28 - 00000197 _____ () C:\Windows\system32\2015-03-25-11-28-16.024-AvastVBoxSVC.exe-5964.log
2015-03-24 17:08 - 2015-03-24 17:08 - 00000197 _____ () C:\Windows\system32\2015-03-24-15-08-34.014-AvastVBoxSVC.exe-2068.log
2015-03-24 12:52 - 2015-03-24 12:52 - 00000197 _____ () C:\Windows\system32\2015-03-24-10-52-28.038-AvastVBoxSVC.exe-3856.log
2015-03-24 10:05 - 2015-03-24 10:05 - 00000197 _____ () C:\Windows\system32\2015-03-24-08-05-23.008-AvastVBoxSVC.exe-5740.log
2015-03-23 22:04 - 2015-03-23 22:14 - 00000000 ____D () C:\Users\resiczek\Desktop\23.3
2015-03-23 14:27 - 2015-03-23 14:27 - 00000197 _____ () C:\Windows\system32\2015-03-23-12-27-19.065-AvastVBoxSVC.exe-4936.log
2015-03-23 13:20 - 2015-03-23 13:20 - 00000197 _____ () C:\Windows\system32\2015-03-23-11-20-43.069-AvastVBoxSVC.exe-5136.log
2015-03-23 09:56 - 2015-03-23 09:56 - 00000197 _____ () C:\Windows\system32\2015-03-23-07-56-46.052-AvastVBoxSVC.exe-5404.log
2015-03-22 16:12 - 2015-03-22 16:12 - 00248506 _____ () C:\Users\resiczek\Desktop\EDA-data.xlsm
2015-03-22 12:03 - 2015-03-22 12:03 - 00000197 _____ () C:\Windows\system32\2015-03-22-10-03-31.049-AvastVBoxSVC.exe-4340.log
2015-03-22 11:44 - 2015-03-22 11:45 - 00000197 _____ () C:\Windows\system32\2015-03-22-09-44-51.095-AvastVBoxSVC.exe-3416.log
2015-03-21 18:52 - 2015-03-21 18:52 - 00000197 _____ () C:\Windows\system32\2015-03-21-16-52-54.073-AvastVBoxSVC.exe-2812.log
2015-03-21 18:35 - 2015-03-21 19:12 - 00000000 ____D () C:\Users\resiczek\VirtualBox VMs
2015-03-21 18:25 - 2015-03-30 14:15 - 00000000 ____D () C:\Users\resiczek\.VirtualBox
2015-03-21 18:25 - 2015-03-21 18:25 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-03-21 18:25 - 2015-03-21 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-21 18:25 - 2015-03-16 18:36 - 00922704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-03-21 18:24 - 2015-03-21 18:24 - 00000000 ____D () C:\Program Files\Oracle
2015-03-21 18:24 - 2015-03-16 18:35 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-03-21 17:23 - 2015-03-21 17:23 - 00000197 _____ () C:\Windows\system32\2015-03-21-15-23-17.095-AvastVBoxSVC.exe-4504.log
2015-03-21 10:32 - 2015-03-21 10:32 - 00000197 _____ () C:\Windows\system32\2015-03-21-08-32-17.029-AvastVBoxSVC.exe-5320.log
2015-03-20 16:43 - 2015-03-20 16:43 - 00000197 _____ () C:\Windows\system32\2015-03-20-14-43-42.004-AvastVBoxSVC.exe-5780.log
2015-03-20 12:58 - 2015-03-20 13:52 - 00000000 ____D () C:\Users\resiczek\Documents\LabVIEW Data
2015-03-20 12:55 - 2015-03-20 12:55 - 00000197 _____ () C:\Windows\system32\2015-03-20-10-55-58.036-AvastVBoxSVC.exe-3772.log
2015-03-20 12:50 - 2015-03-20 12:50 - 00000000 ____D () C:\Users\Public\Documents\National Instruments
2015-03-20 12:34 - 2015-03-20 12:34 - 00000197 _____ () C:\Windows\system32\2015-03-20-10-34-43.062-AvastVBoxSVC.exe-5720.log
2015-03-20 12:31 - 2015-03-23 22:36 - 00000000 ____D () C:\Users\resiczek\AppData\Local\National Instruments
2015-03-20 12:31 - 2015-03-20 13:44 - 00003244 _____ () C:\Windows\System32\Tasks\NIUpdateServiceStartupTask
2015-03-20 12:28 - 2015-03-20 12:28 - 00002152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LabVIEW Tools Network.lnk
2015-03-20 12:28 - 2015-03-20 12:28 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VI Package Manager.lnk
2015-03-20 12:28 - 2015-03-20 12:28 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2015-03-20 12:28 - 2015-03-20 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JKI
2015-03-20 12:27 - 2015-03-20 13:00 - 00000000 ____D () C:\ProgramData\JKI
2015-03-20 12:27 - 2015-03-20 12:27 - 00004092 _____ () C:\Windows\System32\Tasks\JKIUpdateTask
2015-03-20 12:27 - 2015-03-20 12:27 - 00000000 ____D () C:\Program Files (x86)\JKI
2015-03-20 12:24 - 2015-03-20 12:46 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI MAX.lnk
2015-03-20 12:20 - 2015-03-20 12:20 - 00001051 _____ () C:\Users\resiczek\Desktop\LabVIEW 2014 (64-bit).lnk
2015-03-20 12:20 - 2015-03-20 12:20 - 00001039 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI LabVIEW 2014 (64-bit).lnk
2015-03-20 12:15 - 2015-03-20 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
2015-03-20 12:15 - 2015-03-20 13:43 - 00000000 ____D () C:\Program Files\National Instruments
2015-03-20 12:15 - 2015-03-20 12:15 - 00000000 ____D () C:\Windows\SysWOW64\cvirte
2015-03-20 12:15 - 2015-03-20 12:15 - 00000000 ____D () C:\Windows\system32\cvirte
2015-03-20 11:30 - 2015-03-23 22:04 - 00000000 ____D () C:\ProgramData\National Instruments
2015-03-20 09:48 - 2015-03-20 09:48 - 00000197 _____ () C:\Windows\system32\2015-03-20-07-48-34.059-AvastVBoxSVC.exe-624.log
2015-03-19 14:28 - 2015-03-19 14:29 - 00000197 _____ () C:\Windows\system32\2015-03-19-12-28-23.083-AvastVBoxSVC.exe-3216.log
2015-03-19 09:50 - 2015-03-19 09:50 - 00000197 _____ () C:\Windows\system32\2015-03-19-07-50-56.011-AvastVBoxSVC.exe-4032.log
2015-03-18 20:02 - 2015-03-18 20:02 - 00000197 _____ () C:\Windows\system32\2015-03-18-18-02-31.091-AvastVBoxSVC.exe-2592.log
2015-03-18 16:10 - 2015-03-18 16:10 - 00000197 _____ () C:\Windows\system32\2015-03-18-14-10-22.081-AvastVBoxSVC.exe-1692.log
2015-03-18 13:24 - 2015-03-18 13:24 - 00000197 _____ () C:\Windows\system32\2015-03-18-11-24-09.062-AvastVBoxSVC.exe-4008.log
2015-03-17 21:22 - 2015-03-17 21:22 - 00000197 _____ () C:\Windows\system32\2015-03-17-19-22-07.074-AvastVBoxSVC.exe-3740.log
2015-03-17 16:16 - 2015-03-17 16:16 - 00000197 _____ () C:\Windows\system32\2015-03-17-14-16-34.074-AvastVBoxSVC.exe-4340.log
2015-03-17 13:35 - 2015-03-17 13:35 - 00000197 _____ () C:\Windows\system32\2015-03-17-11-35-08.019-AvastVBoxSVC.exe-3356.log
2015-03-17 10:07 - 2015-03-17 10:07 - 00000197 _____ () C:\Windows\system32\2015-03-17-08-07-34.044-AvastVBoxSVC.exe-5052.log
2015-03-16 19:01 - 2015-03-16 19:02 - 00000197 _____ () C:\Windows\system32\2015-03-16-17-01-52.073-AvastVBoxSVC.exe-4944.log
2015-03-16 18:56 - 2015-03-16 18:56 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-03-16 18:56 - 2015-03-16 18:56 - 00000000 ____D () C:\Program Files\Realtek
2015-03-16 18:55 - 2015-03-16 18:55 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-16 18:55 - 2000-01-01 02:00 - 71040000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-03-16 18:55 - 2000-01-01 02:00 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 12967680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-03-16 18:55 - 2000-01-01 02:00 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 04263128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-03-16 18:55 - 2000-01-01 02:00 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 02827120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-03-16 18:55 - 2000-01-01 02:00 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01550528 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01443340 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-03-16 18:55 - 2000-01-01 02:00 - 01411096 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01353472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01287384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00959704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00629464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00451096 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00366104 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00326680 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00326680 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00303776 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-03-16 18:55 - 2000-01-01 02:00 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-03-16 18:54 - 2015-03-16 18:54 - 00000000 ____D () C:\ProgramData\SlimWare Utilities, Inc
2015-03-16 18:53 - 2015-03-16 18:53 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-03-16 18:48 - 2015-03-16 18:50 - 00000000 ____D () C:\ProgramData\DriverGenius
2015-03-16 18:48 - 2015-03-16 18:48 - 00000000 ____D () C:\Program Files (x86)\Driver-Soft
2015-03-16 18:44 - 2015-03-16 18:44 - 00000197 _____ () C:\Windows\system32\2015-03-16-16-44-53.048-AvastVBoxSVC.exe-4348.log
2015-03-16 18:35 - 2015-03-16 18:35 - 00204264 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2015-03-16 18:35 - 2015-03-16 18:35 - 00156360 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2015-03-16 18:35 - 2015-03-16 18:35 - 00141440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-03-16 18:35 - 2015-03-16 18:35 - 00116232 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys
2015-03-16 18:34 - 2015-03-16 18:34 - 00000197 _____ () C:\Windows\system32\2015-03-16-16-34-53.009-AvastVBoxSVC.exe-4388.log
2015-03-16 14:35 - 2015-03-16 14:35 - 00000247 _____ () C:\Windows\system32\2015-03-16-12-35-37.024-aswFe.exe-3312.log
2015-03-16 14:28 - 2015-03-16 14:35 - 00000247 _____ () C:\Windows\system32\2015-03-16-12-28-09.011-aswFe.exe-2220.log
2015-03-16 14:28 - 2015-03-16 14:28 - 00000197 _____ () C:\Windows\system32\2015-03-16-12-28-02.030-AvastVBoxSVC.exe-2720.log
2015-03-16 00:13 - 2015-03-16 00:13 - 00000247 _____ () C:\Windows\system32\2015-03-15-22-13-16.029-aswFe.exe-844.log
2015-03-16 00:05 - 2015-03-16 00:13 - 00000247 _____ () C:\Windows\system32\2015-03-15-22-05-09.044-aswFe.exe-5408.log
2015-03-16 00:04 - 2015-03-16 00:05 - 00000197 _____ () C:\Windows\system32\2015-03-15-22-04-56.089-AvastVBoxSVC.exe-732.log
2015-03-15 10:51 - 2015-03-15 10:52 - 00000197 _____ () C:\Windows\system32\2015-03-15-08-51-29.022-AvastVBoxSVC.exe-2820.log
2015-03-14 15:14 - 2015-03-14 15:14 - 00434688 _____ () C:\Users\resiczek\Downloads\2107.tmp
2015-03-14 10:30 - 2015-03-14 10:30 - 00000197 _____ () C:\Windows\system32\2015-03-14-08-30-25.088-AvastVBoxSVC.exe-4544.log
2015-03-13 23:52 - 2015-03-13 23:54 - 00000000 ____D () C:\Users\resiczek\AppData\OICE_15_974FA576_32C1D314_3ED0
2015-03-13 23:25 - 2015-03-13 23:25 - 09069210 _____ () C:\Users\resiczek\Desktop\jPvocabulary-3.2.zip
2015-03-13 22:02 - 2008-12-13 23:35 - 00000471 _____ () C:\Users\resiczek\Desktop\main.m
2015-03-13 21:38 - 2015-03-13 21:38 - 00000000 ____D () C:\Users\resiczek\AppData\Local\Steam
2015-03-13 17:51 - 2015-03-13 17:52 - 00000197 _____ () C:\Windows\system32\2015-03-13-15-51-44.048-AvastVBoxSVC.exe-3232.log
2015-03-13 10:19 - 2015-03-13 10:19 - 00000197 _____ () C:\Windows\system32\2015-03-13-08-19-11.036-AvastVBoxSVC.exe-2428.log
2015-03-12 14:11 - 2015-03-12 14:12 - 00000197 _____ () C:\Windows\system32\2015-03-12-12-11-51.005-AvastVBoxSVC.exe-2516.log
2015-03-12 09:39 - 2015-03-12 09:40 - 00000197 _____ () C:\Windows\system32\2015-03-12-07-39-45.027-AvastVBoxSVC.exe-492.log
2015-03-11 20:51 - 2015-03-11 20:51 - 00000197 _____ () C:\Windows\system32\2015-03-11-18-51-07.090-AvastVBoxSVC.exe-3104.log
2015-03-11 13:54 - 2015-03-11 13:54 - 00000197 _____ () C:\Windows\system32\2015-03-11-11-54-33.002-AvastVBoxSVC.exe-5032.log
2015-03-10 15:27 - 2015-03-10 15:27 - 00000197 _____ () C:\Windows\system32\2015-03-10-13-27-33.097-AvastVBoxSVC.exe-2748.log
2015-03-09 15:52 - 2015-03-09 15:52 - 00000000 ____D () C:\Users\resiczek\AppData\Local\EXFO_Inc
2015-03-09 15:52 - 2015-03-09 15:52 - 00000000 ____D () C:\Users\resiczek\AppData\Local\EXFO Inc
2015-03-09 15:51 - 2015-03-23 17:53 - 00000000 ____D () C:\ProgramData\Metrino
2015-03-09 15:51 - 2015-03-09 15:51 - 00000000 ____D () C:\Users\resiczek\AppData\Local\SafeNet Sentinel
2015-03-09 15:51 - 2015-03-09 15:51 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel
2015-03-09 15:50 - 2015-03-09 15:50 - 00002036 _____ () C:\Users\Public\Desktop\FastReporter 2.lnk
2015-03-09 15:50 - 2015-03-09 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXFO
2015-03-09 15:50 - 2013-08-01 16:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\hasplms.exe
2015-03-09 15:50 - 2013-08-01 16:11 - 04609928 _____ (SafeNet Inc.) C:\Windows\system32\aksllmtp.exe
2015-03-09 15:50 - 2013-08-01 16:11 - 00331328 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\hardlock.sys
2015-03-09 15:50 - 2013-08-01 16:11 - 00198088 _____ (Aladdin Knowledge Systems Ltd.) C:\Windows\SysWOW64\hlvdd.dll
2015-03-09 15:50 - 2013-08-01 16:11 - 00140736 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksfridge.sys
2015-03-09 15:50 - 2013-08-01 16:11 - 00091784 _____ (SafeNet Inc.) C:\Windows\system32\Drivers\aksdf.sys
2015-03-09 15:48 - 2015-03-20 13:43 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2015-03-09 15:48 - 2015-03-09 15:50 - 00000000 ____D () C:\Program Files (x86)\EXFO
2015-03-09 15:48 - 2015-03-09 15:49 - 00000000 ____D () C:\ProgramData\Exfo
2015-03-09 15:48 - 2015-03-09 15:49 - 00000000 ____D () C:\Program Files (x86)\Business Objects
2015-03-09 15:48 - 2015-03-09 15:48 - 00000000 ____D () C:\Users\Public\Documents\EXFO
2015-03-09 15:34 - 2015-03-09 15:34 - 00000197 _____ () C:\Windows\system32\2015-03-09-13-34-29.019-AvastVBoxSVC.exe-3368.log
2015-03-09 15:25 - 2015-03-09 15:26 - 00000197 _____ () C:\Windows\system32\2015-03-09-13-25-21.031-AvastVBoxSVC.exe-3920.log
2015-03-09 09:43 - 2015-03-09 09:43 - 00000197 _____ () C:\Windows\system32\2015-03-09-07-43-03.035-AvastVBoxSVC.exe-2732.log
2015-03-08 17:35 - 2015-03-08 18:05 - 00002242 ____H () C:\Users\resiczek\Documents\Default.rdp
2015-03-08 10:34 - 2015-03-08 10:35 - 00000197 _____ () C:\Windows\system32\2015-03-08-08-34-46.039-AvastVBoxSVC.exe-2620.log
2015-03-07 22:44 - 2015-03-07 22:44 - 00000247 _____ () C:\Windows\system32\2015-03-07-20-44-05.070-aswFe.exe-3288.log
2015-03-07 22:25 - 2015-03-07 22:43 - 00000247 _____ () C:\Windows\system32\2015-03-07-20-25-18.092-aswFe.exe-2476.log
2015-03-07 22:24 - 2015-03-07 22:25 - 00000197 _____ () C:\Windows\system32\2015-03-07-20-24-53.071-AvastVBoxSVC.exe-4324.log
2015-03-07 11:12 - 2015-03-07 11:13 - 00000197 _____ () C:\Windows\system32\2015-03-07-09-12-41.085-AvastVBoxSVC.exe-4356.log
2015-03-06 23:47 - 2015-03-06 23:48 - 00001031 _____ () C:\Users\resiczek\Desktop\KMPlayer.lnk
2015-03-06 23:47 - 2015-03-06 23:47 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2015-03-06 23:47 - 2015-03-06 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PANDORATV
2015-03-06 23:46 - 2015-04-02 14:45 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2015-03-06 19:33 - 2015-03-06 19:33 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\cYo
2015-03-06 19:33 - 2015-03-06 19:33 - 00000000 ____D () C:\Users\resiczek\AppData\Local\cYo
2015-03-06 19:31 - 2015-03-07 11:22 - 00000884 _____ () C:\Users\Public\Desktop\ComicRack.lnk
2015-03-06 19:31 - 2015-03-06 19:33 - 00000000 ____D () C:\Program Files\ComicRack
2015-03-06 19:31 - 2015-03-06 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
2015-03-06 09:38 - 2015-03-06 09:38 - 00000197 _____ () C:\Windows\system32\2015-03-06-07-38-32.048-AvastVBoxSVC.exe-2612.log
2015-03-05 17:32 - 2015-03-05 17:32 - 00138240 _____ () C:\Users\resiczek\Downloads\EAA.tmp
2015-03-05 13:12 - 2015-03-05 13:12 - 00000197 _____ () C:\Windows\system32\2015-03-05-11-12-47.051-AvastVBoxSVC.exe-2760.log
2015-03-05 09:39 - 2015-03-05 09:39 - 00000197 _____ () C:\Windows\system32\2015-03-05-07-39-43.024-AvastVBoxSVC.exe-2516.log
2015-03-04 19:41 - 2015-03-04 19:41 - 00000197 _____ () C:\Windows\system32\2015-03-04-17-41-13.097-AvastVBoxSVC.exe-2692.log
2015-03-04 13:39 - 2015-03-04 13:39 - 00000197 _____ () C:\Windows\system32\2015-03-04-11-39-21.061-AvastVBoxSVC.exe-1096.log
2015-03-03 15:31 - 2015-03-03 15:31 - 00000197 _____ () C:\Windows\system32\2015-03-03-13-31-02.098-AvastVBoxSVC.exe-2312.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-02 15:57 - 2015-02-03 15:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 15:55 - 2011-04-12 10:34 - 00684296 _____ () C:\Windows\system32\perfh005.dat
2015-04-02 15:55 - 2011-04-12 10:34 - 00146738 _____ () C:\Windows\system32\perfc005.dat
2015-04-02 15:55 - 2009-07-14 07:13 - 01616736 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-02 15:22 - 2009-07-14 06:45 - 00026064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-02 15:22 - 2009-07-14 06:45 - 00026064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-02 15:18 - 2014-12-19 18:58 - 01393697 _____ () C:\Windows\WindowsUpdate.log
2015-04-02 15:17 - 2015-02-04 17:12 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 15:15 - 2014-12-23 12:17 - 00000000 ___RD () C:\Users\resiczek\Dropbox
2015-04-02 15:15 - 2014-12-23 12:15 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\Dropbox
2015-04-02 15:15 - 2014-12-19 20:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-02 15:14 - 2015-02-04 17:12 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-02 15:14 - 2014-12-21 10:51 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2015-04-02 15:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-01 23:33 - 2014-12-20 11:18 - 00000000 ____D () C:\Program Files\trend micro
2015-04-01 15:12 - 2014-12-20 01:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-01 14:41 - 2014-12-22 15:42 - 00000029 _____ () C:\Users\resiczek\Documents\Klíč k router.txt
2015-04-01 14:40 - 2014-12-18 17:16 - 00000000 ____D () C:\Users\resiczek\Documents\vše možné
2015-04-01 14:33 - 2014-12-20 01:22 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\DAEMON Tools Lite
2015-04-01 14:32 - 2014-12-20 17:26 - 00000000 ____D () C:\Users\resiczek\AppData\Local\CrashDumps
2015-03-28 22:45 - 2014-12-20 18:37 - 00000000 ____D () C:\Users\resiczek\Torrenty
2015-03-28 22:44 - 2014-12-20 01:24 - 00000000 ____D () C:\Users\resiczek\Documents\Torrentz
2015-03-27 22:54 - 2014-12-20 01:20 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\deluge
2015-03-23 23:32 - 2015-02-05 11:48 - 00000000 ____D () C:\Users\resiczek\Desktop\DP knihy
2015-03-21 18:35 - 2014-12-19 18:58 - 00000000 ____D () C:\Users\resiczek
2015-03-21 11:44 - 2014-12-19 20:23 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 00:43 - 2015-01-17 13:28 - 00000236 _____ () C:\Users\resiczek\Desktop\Nový textový dokument.txt
2015-03-16 18:57 - 2014-12-20 00:36 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-03-16 18:55 - 2014-12-20 00:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-13 10:30 - 2014-12-20 18:42 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-13 10:25 - 2014-12-23 12:16 - 00000000 ____D () C:\Users\resiczek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-11 15:31 - 2015-03-01 11:10 - 00000000 ____D () C:\Users\resiczek\Cisco Packet Tracer 6.2sv
2015-03-11 15:29 - 2015-03-01 11:10 - 00000194 _____ () C:\Users\resiczek\.packettracer
2015-03-09 15:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-03-08 17:36 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-05 19:21 - 2014-12-19 22:56 - 01608406 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-03 15:29 - 2009-07-14 06:45 - 00482544 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2002-08-29 19:33 - 2002-08-29 19:33 - 0319488 ____R () C:\Users\resiczek\AppData\Roaming\MafiaSetup.exe
2015-03-29 18:05 - 2015-04-01 15:14 - 0000600 _____ () C:\Users\resiczek\AppData\Roaming\winscp.rnd
2014-12-27 19:01 - 2014-12-27 19:01 - 0003584 _____ () C:\Users\resiczek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-27 22:54 - 2015-03-27 22:54 - 0000736 _____ () C:\Users\resiczek\AppData\Local\recently-used.xbel
2014-12-20 00:38 - 2014-12-20 00:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\resiczek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpux28k1.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 11:53




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:698.54 GB) (Free:191.14 GB) NTFS

Available physical RAM: 3880.42 MB
Total physical RAM: 5995.86 MB
Percentage of memory in use: 35%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E242475A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Data aplikací:NT
AlternateDataStreams: C:\ProgramData\Data aplikací:NT2
AlternateDataStreams: C:\ProgramData\Metrino:9C1E4030-2847-4EF4-8634-48D381A4E7B6
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\resiczek\Data aplikací:NT
AlternateDataStreams: C:\Users\resiczek\Data aplikací:NT2
AlternateDataStreams: C:\Users\resiczek\AppData\Roaming:NT
AlternateDataStreams: C:\Users\resiczek\AppData\Roaming:NT2

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\resiczek\Desktop" je 5358 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 7\ashsnap.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk
C:\PROGRA~1\GAMEPA~1\gpcl.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Přílohy
Addition.rar
(10.93 KiB) Staženo 62 x
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7315
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: (po)infekční preventivka

#6 Příspěvek od altrok »

:arrow: Velikost plochy by nemela presahovat 200 MB. Zpomaluje se pak start i samotny chod celeho PC.

  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-57012456-698976538-1097888024-1000\...\MountPoints2: {c9f0139d-87d4-11e4-8f2c-ec55f9300020} - F:\MafiaLauncher.EXE

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

2015-04-02 16:00 - 2015-04-02 16:00 - 00112640 _____ (forum.viry.cz) C:\Users\resiczek\Desktop\FRSTLauncher.exe
2015-04-02 15:11 - 2015-04-02 15:12 - 00000000 ____D () C:\AdwCleaner
2015-04-02 15:10 - 2015-04-02 15:10 - 02208768 _____ () C:\Users\resiczek\Desktop\adwcleaner_4.200.exe
2015-03-25 21:04 - 2015-03-25 21:04 - 00027136 _____ () C:\Users\resiczek\Downloads\3DFF.tmp
2015-03-14 15:14 - 2015-03-14 15:14 - 00434688 _____ () C:\Users\resiczek\Downloads\2107.tmp
2015-03-05 17:32 - 2015-03-05 17:32 - 00138240 _____ () C:\Users\resiczek\Downloads\EAA.tmp
2015-04-01 23:33 - 2014-12-20 11:18 - 00000000 ____D () C:\Program Files\trend micro
CMD: del "C:\Users\resiczek\Downloads\*.tmp"
AlternateDataStreams: C:\ProgramData\Metrino:9C1E4030-2847-4EF4-8634-48D381A4E7B6
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
CMD: dir "C:\Users\resiczek\AppData\Roaming\cYo"
Hosts:
EmptyTemp:
End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
NoR
Návštěvník
Návštěvník
Příspěvky: 51
Registrován: 19 led 2012 17:18

Re: (po)infekční preventivka

#7 Příspěvek od NoR »

tady je log a na velikosti plochy už se pracuje

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by resiczek at 2015-04-03 09:45:58 Run:1
Running from C:\Users\resiczek\Desktop
Loaded Profiles: resiczek (Available profiles: resiczek)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-57012456-698976538-1097888024-1000\...\MountPoints2: {c9f0139d-87d4-11e4-8f2c-ec55f9300020} - F:\MafiaLauncher.EXE

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]

2015-04-02 16:00 - 2015-04-02 16:00 - 00112640 _____ (forum.viry.cz) C:\Users\resiczek\Desktop\FRSTLauncher.exe
2015-04-02 15:11 - 2015-04-02 15:12 - 00000000 ____D () C:\AdwCleaner
2015-04-02 15:10 - 2015-04-02 15:10 - 02208768 _____ () C:\Users\resiczek\Desktop\adwcleaner_4.200.exe
2015-03-25 21:04 - 2015-03-25 21:04 - 00027136 _____ () C:\Users\resiczek\Downloads\3DFF.tmp
2015-03-14 15:14 - 2015-03-14 15:14 - 00434688 _____ () C:\Users\resiczek\Downloads\2107.tmp
2015-03-05 17:32 - 2015-03-05 17:32 - 00138240 _____ () C:\Users\resiczek\Downloads\EAA.tmp
2015-04-01 23:33 - 2014-12-20 11:18 - 00000000 ____D () C:\Program Files\trend micro
CMD: del "C:\Users\resiczek\Downloads\*.tmp"
AlternateDataStreams: C:\ProgramData\Metrino:9C1E4030-2847-4EF4-8634-48D381A4E7B6
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
CMD: dir "C:\Users\resiczek\AppData\Roaming\cYo"
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
"HKU\S-1-5-21-57012456-698976538-1097888024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9f0139d-87d4-11e4-8f2c-ec55f9300020}" => Key deleted successfully.
HKCR\CLSID\{c9f0139d-87d4-11e4-8f2c-ec55f9300020} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
FairplayKD => Service deleted successfully.
C:\Users\resiczek\Desktop\FRSTLauncher.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\resiczek\Desktop\adwcleaner_4.200.exe => Moved successfully.
C:\Users\resiczek\Downloads\3DFF.tmp => Moved successfully.
C:\Users\resiczek\Downloads\2107.tmp => Moved successfully.
C:\Users\resiczek\Downloads\EAA.tmp => Moved successfully.
C:\Program Files\trend micro => Moved successfully.

========= del "C:\Users\resiczek\Downloads\*.tmp" =========


========= End of CMD: =========

C:\ProgramData\Metrino => ":9C1E4030-2847-4EF4-8634-48D381A4E7B6" ADS removed successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap => Key Deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite => Key Deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk => Key Deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

========= dir "C:\Users\resiczek\AppData\Roaming\cYo" =========

Svazek v jednotce C nem� ��dnou jmenovku.
S�riov� ��slo svazku je B085-FB06.

V�pis adres��e C:\Users\resiczek\AppData\Roaming\cYo

06.03.2015 19:33 <DIR> .
06.03.2015 19:33 <DIR> ..
06.03.2015 22:37 <DIR> ComicRack
Soubor�: 0, Bajt�: 0
Adres���: 3, Voln�ch bajt�: 204�302�761�984

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 475.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:46:09 ====
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7315
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: (po)infekční preventivka

#8 Příspěvek od altrok »

Takze jeste uklidime.
A pokud nejsou dotazy ci jine problemy, je to ode mne vse.
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
NoR
Návštěvník
Návštěvník
Příspěvky: 51
Registrován: 19 led 2012 17:18

Re: (po)infekční preventivka

#9 Příspěvek od NoR »

Uklizeno, mockrát děkuji za váš čas a pomoc a zase někdy na viděnou :)
Nahoru
altrok
Moderátor
Moderátor
Příspěvky: 7315
Registrován: 15 lis 2012 22:26
Bydliště: Znojmo

Re: (po)infekční preventivka

#10 Příspěvek od altrok »

Nemate zac, rad jsem pomohl :worship:


Mejte se krasne a treba zase nekdy :bye:
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Nahoru
Zamčeno

Zpět na „Preventivní kontroly logů“