Zdravím, poprosil bych o kontrolu logu, po zapnutí PC se po několika minutách spustí svchost a vytíží procesor na stálých 100%, zpomalení PC. Mám strach že je to nějakej backdoor nebo podobně...
Logfile of random's system information tool 1.10 (written by random/random)
Run by Vašek at 2015-05-19 23:36:53
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 21 GB (4%) free of 466 GB
Total RAM: 8141 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:37:01, on 19.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal
Running processes:
D:\Programy\iDisplay\iDisplay.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Vašek\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
C:\Program Files\Win Drive\poclbm.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Programy\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Programy\ThermalTake Mouse Level 10M\L10mMonitor.exe
D:\Programy\iDisplay\adb.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
D:\Programy\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Programy\Steam\Steam.exe
D:\Programy\Steam\bin\steamwebhelper.exe
D:\Programy\Steam\bin\steamwebhelper.exe
C:\Program Files\trend micro\Vašek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.phpnuke.org/?lang=en&cid=457c4dfc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avgnt] "D:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Tt eSPORTS Level 10 M Gaming Mouse] "D:\Programy\ThermalTake Mouse Level 10M\L10mMonitor.exe" /Automation
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WindowsDriverScan] C:\Program Files\Win Drive\Drive.lnk
O4 - HKCU\..\Run: [AceWebException] C:\Users\Vašek\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Rainmeter.lnk = D:\Programy\Rainmeter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programy\SkypeRecorder\Skype4COM.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - D:\Programy\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - D:\Programy\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - D:\Programy\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVerRECentral - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - D:\Programy\BitComet\tools\BitCometService.exe
O23 - Service: DisplayFusionService - Binary Fortress Software - D:\Programy\DisplayFusion\DisplayFusionService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Sentinel Local License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Programy\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: rUpdater - Unknown owner - C:\Program Files\rUpdater\rUpdater_srv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Survarium-Steam Update Service - Unknown owner - D:\Programy\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 15720 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"D:\Programy\DisplayFusion\DisplayFusionService.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
C:\Windows\system32\hasplms.exe -run
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Cyberlink\Shared files\RichVideo64.exe"
"C:\Program Files\rUpdater\rUpdater_srv.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe"
"C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
taskeng.exe {F22B3B78-E7CC-45FE-B8BE-C0C8E9C6151C}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
D:\Programy\iDisplay\iDisplay.exe -startup
"C:\Windows\System32\schtasks.exe" /create /sc onlogon /tn Origin /rl highest /ru System /tr "C:\ProgramData\Origin\update.vbe"
\??\C:\Windows\system32\conhost.exe "19843254081444721105954948678793657646-588590338475936393-1053253390-413370208
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\rUpdater\rUpdater_agent.exe"
"C:\Users\Vašek\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe"
poclbm.exe -d0 http://PCmaniak.DRIVER:DRIVER@api.bitcoin.cz:8332
\??\C:\Windows\system32\conhost.exe "-24015290300822844630901040-72805910111117695251014766385-7978006902032433053
"D:\Programy\Rainmeter.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
-h
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"D:\Programy\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"D:\Programy\ThermalTake Mouse Level 10M\L10mMonitor.exe" /Automation
"SRFeature.exe"
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe"
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
adb.exe fork-server server
\??\C:\Windows\system32\conhost.exe "-12551258564092131474829547271485437411-17369980821606261597615011003817624577
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe" /connectToHost
"D:\Programy\Mozilla Firefox\firefox.exe"
taskeng.exe {2EEBEA76-2601-42BC-A899-46351DB4D8CA}
"C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" 468f184a-ad15-46fc-be50-a9ad6396210a 1
\??\C:\Windows\system32\conhost.exe "-7790470711225450108-155294247921422811289684841291322482890278520927-619866351
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-375701201-6880354541164411613-1130973341-339314878-1134071415-12950111201874982699
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"D:\Programy\BitComet\BitComet.exe"
D:\Programy\BitComet\tools\BitCometService.exe -service
"C:\Program Files\EgisTec IPS\PMMUpdate.exe"
"C:\Program Files\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"D:\Programy\TS 3\ts3client_win64.exe"
"D:\Programy\Steam\Steam.exe"
"D:\Programy\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Users\Vašek\AppData\Local\Steam\htmlcache" -steampid 7812 -buildid 1431729692 -steamid "0" --disable-gpu-compositing --disable-gpu --enable-threaded-compositing --disable-pinch-virtual-viewport --process-per-tab --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"D:\Programy\Steam\bin\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --enable-pinch --enable-threaded-compositing --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --product-version="Valve Steam Client" --device-scale-factor=1 --font-cache-shared-mem-suffix=9004 --enable-delegated-renderer --num-raster-threads=2 --disable-gpu-compositing --channel="9004.0.1957139190\1400688230" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Vašek\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job - C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job - C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.138.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.3]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.5.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=D:\Programy\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/npbattlelog,version=2.6.2]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.5.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D594333-0076-A76A-76A7-7A786E7484D7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre8\bin\ssv.dll [2014-06-30 553384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-06-30 211880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2014-06-30 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2014-06-30 171944]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-11-14 13353064]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27 558496]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2015-03-28 1570672]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-03-28 2673296]
"rUpdater2"=C:\Program Files\rUpdater\rUpdater_agent.exe [2015-04-25 2410496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsDriverScan"=C:\Program Files\Win Drive\Drive.lnk [2013-12-04 1427]
"AdobeBridge"= []
"AceWebException"=C:\Users\Vašek\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe [2015-02-28 22824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirDroid 3]
D:\Programy\AirDroid\AirDroid.exe [2015-02-05 11662848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon]
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathTaker]
D:\Programy\DeathTaker\mousehid.exe [2011-10-24 303616]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion]
D:\Programy\DisplayFusion\DisplayFusion.exe [2013-04-26 7283072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Imperator pro]
D:\Programy\Imperator Pro\IMProhid.exe [2012-02-24 287232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
D:\Programy\Kies\KiesTrayAgent.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Mouse]
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [2014-04-28 1238528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-01-21 123400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vašek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\VAEK~1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2014-05-20 33322312]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-06-22 341360]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2011-12-04 291096]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"avgnt"=D:\Programy\Avira\AntiVir Desktop\avgnt.exe [2015-05-05 728312]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-03-18 224128]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"Tt eSPORTS Level 10 M Gaming Mouse"=D:\Programy\ThermalTake Mouse Level 10M\L10mMonitor.exe [2012-09-28 121224]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2015-03-16 129272]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
C:\Users\Vašek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Rainmeter.lnk - D:\Programy\Rainmeter.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - D:\Programy\DeskScapes3\deskscapes.dll [2010-09-27 116528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"MSVideo8"=VfWWDM32.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux3"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux4"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux5"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux6"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux8"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2015-05-19 23:36:53 ----D---- C:\rsit
2015-05-14 00:01:04 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:01:04 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:57:32 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-05-13 08:57:32 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-05-13 08:57:32 ----A---- C:\Windows\system32\schannel.dll
2015-05-13 08:57:32 ----A---- C:\Windows\system32\certcli.dll
2015-05-13 08:57:23 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-05-13 08:57:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-05-13 08:57:23 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-05-13 08:57:23 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-05-13 08:57:23 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-05-13 08:57:23 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-05-13 08:57:23 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-05-13 08:57:23 ----A---- C:\Windows\system32\iernonce.dll
2015-05-13 08:57:23 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-05-13 08:57:23 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-05-13 08:57:23 ----A---- C:\Windows\system32\ie4uinit.exe
2015-05-13 08:57:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-05-13 08:57:22 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-05-13 08:57:22 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-05-13 08:57:22 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-05-13 08:57:22 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-05-13 08:57:22 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-05-13 08:57:22 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 08:57:22 ----A---- C:\Windows\system32\iedkcs32.dll
2015-05-13 08:57:21 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-05-13 08:57:21 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-05-13 08:57:21 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-05-13 08:57:21 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-05-13 08:57:21 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-05-13 08:57:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-05-13 08:57:21 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-05-13 08:57:21 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-05-13 08:57:21 ----A---- C:\Windows\system32\urlmon.dll
2015-05-13 08:57:21 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 08:57:21 ----A---- C:\Windows\system32\msfeeds.dll
2015-05-13 08:57:21 ----A---- C:\Windows\system32\iesetup.dll
2015-05-13 08:57:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 08:57:21 ----A---- C:\Windows\system32\ieapfltr.dll
2015-05-13 08:57:21 ----A---- C:\Windows\system32\dxtrans.dll
2015-05-13 08:57:20 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-05-13 08:57:20 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-05-13 08:57:20 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-05-13 08:57:20 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-05-13 08:57:20 ----A---- C:\Windows\system32\vbscript.dll
2015-05-13 08:57:20 ----A---- C:\Windows\system32\jsproxy.dll
2015-05-13 08:57:20 ----A---- C:\Windows\system32\ieUnatt.exe
2015-05-13 08:57:20 ----A---- C:\Windows\system32\iertutil.dll
2015-05-13 08:57:19 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-05-13 08:57:19 ----A---- C:\Windows\system32\mshtmled.dll
2015-05-13 08:57:19 ----A---- C:\Windows\system32\jscript9diag.dll
2015-05-13 08:57:19 ----A---- C:\Windows\system32\jscript9.dll
2015-05-13 08:57:19 ----A---- C:\Windows\system32\jscript.dll
2015-05-13 08:57:19 ----A---- C:\Windows\system32\ieui.dll
2015-05-13 08:57:19 ----A---- C:\Windows\system32\ieframe.dll
2015-05-13 08:57:19 ----A---- C:\Windows\system32\dxtmsft.dll
2015-05-13 08:57:18 ----A---- C:\Windows\system32\wininet.dll
2015-05-13 08:57:18 ----A---- C:\Windows\system32\msrating.dll
2015-05-13 08:57:18 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-05-13 08:57:18 ----A---- C:\Windows\system32\mshtml.dll
2015-05-13 08:57:09 ----A---- C:\Windows\system32\services.exe
2015-05-13 08:57:01 ----A---- C:\Windows\system32\UtcResources.dll
2015-05-13 08:57:01 ----A---- C:\Windows\system32\diagtrack.dll
2015-05-13 08:57:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-05-13 08:56:58 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-05-13 08:56:58 ----A---- C:\Windows\system32\ntdll.dll
2015-05-13 08:56:56 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-05-13 08:56:55 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-05-13 08:56:55 ----A---- C:\Windows\system32\tdh.dll
2015-05-13 08:56:54 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-05-13 08:56:54 ----A---- C:\Windows\system32\kernel32.dll
2015-05-13 08:56:54 ----A---- C:\Windows\system32\advapi32.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:56:53 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\user.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-05-13 08:56:53 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\wow64win.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\wow64cpu.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\wow64.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\winsrv.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\wdigest.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\typeperf.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\TSpkg.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\tracerpt.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\sspisrv.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\sspicli.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\srcore.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\srclient.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\smss.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\sechost.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\secur32.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\rstrui.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\relog.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\ntvdm64.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\ncrypt.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\msv1_0.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\lsass.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\lsasrv.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\logman.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\KernelBase.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\kerberos.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-05-13 08:56:53 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-05-13 08:56:53 ----A---- C:\Windows\system32\diskperf.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\csrsrv.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\credssp.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\conhost.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\auditpol.exe
2015-05-13 08:56:53 ----A---- C:\Windows\system32\apisetschema.dll
2015-05-13 08:56:53 ----A---- C:\Windows\system32\adtschema.dll
2015-05-13 08:56:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-05-13 08:56:52 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-05-13 08:56:52 ----A---- C:\Windows\system32\msobjs.dll
2015-05-13 08:56:52 ----A---- C:\Windows\system32\msaudite.dll
2015-05-13 08:56:39 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-05-13 08:56:39 ----A---- C:\Windows\system32\win32k.sys
2015-05-13 08:56:39 ----A---- C:\Windows\system32\FntCache.dll
2015-05-13 08:56:39 ----A---- C:\Windows\system32\DWrite.dll
2015-05-13 08:56:33 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-05-13 08:56:33 ----A---- C:\Windows\system32\jnwmon.dll
2015-05-13 08:56:33 ----A---- C:\Windows\system32\InkEd.dll
2015-05-13 08:56:31 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-05-13 08:56:31 ----A---- C:\Windows\system32\wpdshext.dll
2015-05-13 08:56:30 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-05-13 08:56:30 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-05-13 08:56:30 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-05-13 08:56:30 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-05-13 08:56:30 ----A---- C:\Windows\system32\shimeng.dll
2015-05-13 08:56:30 ----A---- C:\Windows\system32\sdbinst.exe
2015-05-13 08:56:30 ----A---- C:\Windows\system32\poqexec.exe
2015-05-13 08:56:30 ----A---- C:\Windows\system32\apphelp.dll
2015-05-13 08:56:30 ----A---- C:\Windows\system32\aelupsvc.dll
2015-05-11 09:04:21 ----D---- C:\Users\Vašek\AppData\Roaming\Exanima
2015-05-11 08:12:56 ----D---- C:\Users\Vašek\AppData\Roaming\vlc
2015-05-11 08:07:20 ----D---- C:\Users\Vašek\AppData\Roaming\FLV Extract
2015-05-02 10:19:04 ----D---- C:\Windows\rUpdater
2015-05-02 10:19:04 ----D---- C:\Program Files\rUpdater
2015-05-02 10:19:01 ----D---- C:\Program Files (x86)\Free Downloads
2015-04-29 20:33:42 ----D---- C:\Users\Vašek\AppData\Roaming\AceWebExtension
======List of files/folders modified in the last 1 month======
2015-05-19 23:37:01 ----D---- C:\Windows\Prefetch
2015-05-19 23:36:54 ----D---- C:\Program Files\trend micro
2015-05-19 23:30:45 ----D---- C:\Users\Vašek\AppData\Roaming\Skype
2015-05-19 22:59:19 ----D---- C:\Users\Vašek\AppData\Roaming\TS3Client
2015-05-19 21:20:40 ----D---- C:\Windows\Temp
2015-05-19 21:12:15 ----SHD---- C:\System Volume Information
2015-05-19 21:09:21 ----D---- C:\Downloads
2015-05-19 21:06:50 ----D---- C:\Windows\System32
2015-05-19 21:06:50 ----D---- C:\Windows\inf
2015-05-19 21:06:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-05-19 21:02:57 ----A---- C:\Windows\SYSWOW64\log.txt
2015-05-19 21:01:21 ----D---- C:\Windows\system32\config
2015-05-19 21:00:03 ----D---- C:\ProgramData\NVIDIA
2015-05-17 09:30:19 ----SHD---- C:\Windows\Installer
2015-05-17 09:30:19 ----D---- C:\ProgramData\Skype
2015-05-17 09:30:19 ----D---- C:\Config.Msi
2015-05-14 14:18:46 ----D---- C:\Program Files (x86)\Internet Explorer
2015-05-14 14:18:40 ----D---- C:\Windows\SysWOW64
2015-05-14 08:06:02 ----D---- C:\Windows\rescache
2015-05-14 07:43:37 ----D---- C:\Windows\Microsoft.NET
2015-05-14 07:42:07 ----RSD---- C:\Windows\assembly
2015-05-14 07:04:49 ----D---- C:\Windows\winsxs
2015-05-14 06:56:18 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-05-14 06:56:18 ----D---- C:\Windows\system32\cs-CZ
2015-05-14 06:56:17 ----D---- C:\Program Files\Internet Explorer
2015-05-14 06:56:16 ----D---- C:\Windows\SYSWOW64\en-US
2015-05-14 06:56:14 ----D---- C:\Windows\system32\en-US
2015-05-14 06:55:53 ----D---- C:\Windows\AppPatch
2015-05-14 06:55:51 ----D---- C:\Windows\system32\drivers
2015-05-14 06:55:47 ----D---- C:\Program Files\Windows Journal
2015-05-14 06:55:45 ----D---- C:\Windows\system32\AdvancedInstallers
2015-05-14 06:55:36 ----D---- C:\Windows\system32\DriverStore
2015-05-14 06:55:35 ----D---- C:\Windows\system32\drivers\UMDF
2015-05-14 06:53:54 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 00:04:58 ----D---- C:\ProgramData\Microsoft Help
2015-05-14 00:00:23 ----D---- C:\Program Files\Microsoft Silverlight
2015-05-13 08:56:21 ----D---- C:\Windows\system32\catroot2
2015-05-12 21:33:30 ----RSD---- C:\Windows\Fonts
2015-05-08 03:02:28 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-05-05 09:40:30 ----D---- C:\Windows\hu
2015-05-02 10:58:03 ----D---- C:\Users\Vašek\AppData\Roaming\Audacity
2015-05-02 10:19:04 ----RD---- C:\Program Files
2015-05-02 10:19:04 ----D---- C:\Windows
2015-05-02 10:19:01 ----D---- C:\Program Files (x86)
2015-04-30 15:01:16 ----D---- C:\Users\Vašek\AppData\Roaming\.ACEStream
2015-04-25 21:36:14 ----D---- C:\ProgramData\Origin
2015-04-25 18:43:24 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2015-04-20 23:27:33 ----D---- C:\Users\Vašek\AppData\Roaming\DisplayFusion
2015-04-20 20:40:43 ----D---- C:\Windows\system32\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2011-12-04 16152]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-08-24 560184]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2015-05-05 132120]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2013-10-10 28600]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [2009-02-12 26024]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2012-03-08 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2012-03-08 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-03-08 62776]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2011-11-22 78208]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2012-06-28 139592]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2015-05-05 152744]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2015-03-05 44088]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2011-09-28 321536]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-01-03 43168]
R3 AVer330;AVer330; C:\Windows\system32\DRIVERS\AVer330.sys [2012-09-17 1431424]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-17 283200]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2011-11-30 358576]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-11-16 2950632]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2011-12-04 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2011-12-04 785688]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 25816]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-02-05 195728]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-03-28 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-01-03 312480]
S3 ArvoFltr;ROCCAT Arvo; C:\Windows\system32\drivers\ArvoFltr.sys [2009-05-07 15872]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-08-20 103576]
S3 DxkgFilter;Filtering Dxkg; \??\D:\Programy\iDisplay\idisplay.sys [2012-08-31 55720]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-09-09 33344]
S3 KYEKBPRO;IMPERATOR PRO Gaming Keyboard; C:\Windows\system32\drivers\KYEKBPRO.sys [2011-10-14 25600]
S3 ManyCam;ManyCam Virtual Webcam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-05-05 136408]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 63704]
S3 mcaudrv_simple;ManyCam Virtual Microphone; C:\Windows\system32\drivers\mcaudrv_x64.sys [2013-01-31 28160]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2011-04-19 1488448]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-03-31 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-08-20 204568]
S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 31232]
S3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-03-31 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2013-03-31 30208]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys []
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AVerRECentral;AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [2012-07-31 339456]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-03-16 201008]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DisplayFusionService;DisplayFusionService; D:\Programy\DisplayFusion\DisplayFusionService.exe [2013-04-26 1498000]
R2 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-03-28 1152144]
R2 hasplms;Sentinel Local License Manager; C:\Windows\system32\hasplms.exe [2012-06-28 4941768]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-02-07 277784]
R2 NAUpdate;Nero Update; C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-07-23 690472]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-03-28 1878672]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-03-28 22995600]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-04-08 936264]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-02-17 76152]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [2012-09-11 390672]
R2 rUpdater;rUpdater; C:\Program Files\rUpdater\rUpdater_srv.exe [2015-04-25 98304]
R2 SplashtopRemoteService;Splashtop® Remote Service; C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-10-24 790880]
R2 SSUService;Splashtop Software Updater Service; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-09 609056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-04-08 410952]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-11-28 5419792]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2012-10-17 49152]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service; D:\Programy\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-05-15 837824]
S2 AntiVirMailService;Avira Mail Protection; D:\Programy\Avira\AntiVir Desktop\avmailc7.exe [2015-05-05 827640]
S2 AntiVirService;Avira Real-Time Protection; D:\Programy\Avira\AntiVir Desktop\avguard.exe [2015-05-05 434424]
S2 AntiVirSchedulerService;Avira Scheduler; D:\Programy\Avira\AntiVir Desktop\sched.exe [2015-05-05 434424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 MBAMService;MBAMService; D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15 268464]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 BEService;BattlEye Service; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2015-04-06 967040]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-11-09 655624]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-08-10 150464]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-04-21 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-04-22 119408]
S3 Origin Client Service;Origin Client Service; D:\Programy\Origin\OriginClientService.exe [2015-04-15 1931632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Survarium-Steam Update Service;Survarium-Steam Update Service; D:\Programy\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [2015-04-19 75384]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-19 1255736]
S4 AntiVirWebService;Avira Web Protection; D:\Programy\Avira\AntiVir Desktop\avwebg7.exe [2015-05-05 1185584]
S4 MBAMScheduler;MBAMScheduler; D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
svchost - 100% CPU usage (skrytý rootkit ?)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Krasny den Vam preju 
Odinstalujte V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).
Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
Odinstalujte - Skype Click to Call - adware z instalace Skypu http://forum.viry.cz/viewtopic.php?p=1374439#p1374439
V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose). Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )
- ukoncete vsechny programy
- kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
- kliknete na Scan, pote na Cleaning
- po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: svchost - 100% CPU usage (skrytý rootkit ?)
# AdwCleaner v4.204 - Log vytvořen 20/05/2015 v 00:37:52
# Aktualizováno 12/05/2015 by Xplode
# Databáze : 2015-05-12.2 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Vašek - WSSM
# Spuštěno z : C:\Users\Vašek\Desktop\adwcleaner_4.204.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\Tbccint
Složka Smazáno : C:\ProgramData\Trymedia
Složka Smazáno : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Složka Smazáno : C:\Users\VAEK~1\AppData\Local\Temp\apn
Složka Smazáno : C:\Users\Vašek\AppData\Local\genienext
Složka Smazáno : C:\Users\Vašek\AppData\Local\Mobogenie
Složka Smazáno : C:\Users\Vašek\AppData\Local\Tbccint
Složka Smazáno : C:\Users\Vašek\AppData\LocalLow\Tbccint
Složka Smazáno : C:\Users\Vašek\AppData\Roaming\AceWebExtension
Složka Smazáno : C:\Users\Vašek\Documents\Mobogenie
Složka Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambjmeohlajelahhhniggkkceagdlcgj
Složka Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ambjmeohlajelahhhniggkkceagdlcgj_0.localstorage
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ambjmeohlajelahhhniggkkceagdlcgj_0.localstorage-journal
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ambjmeohlajelahhhniggkkceagdlcgj
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage-journal
Soubor Smazáno : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\aslat8v3.default\searchplugins\ask-search.xml
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
***** [ Naplánované úlohy ] *****
Úloha Smazáno : Scheduled Update for Ask Toolbar
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Klíč Smazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01AFE5D2-071A-45B3-932F-611F685CF31E}
Klíč Smazáno : HKCU\Software\Ask.com
Klíč Smazáno : HKCU\Software\Conduit
Klíč Smazáno : HKCU\Software\Myfree Codec
Klíč Smazáno : HKCU\Software\Tbccint
Klíč Smazáno : HKCU\Software\Tbccint_HKLM
Klíč Smazáno : HKCU\Software\VIS
Klíč Smazáno : HKCU\Software\AceStream
Klíč Smazáno : HKCU\Software\AppDataLow\AskToolbarInfo
Klíč Smazáno : HKCU\Software\AppDataLow\Toolbar
Klíč Smazáno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíč Smazáno : HKCU\Software\AppDataLow\Software\Tbccint
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\Myfree Codec
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKU\.DEFAULT\Software\IObit Apps
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Klíč Smazáno : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17801
-\\ Mozilla Firefox v29.0 (cs)
[br0my0x5.default-1389808505168\prefs.js] - Řádek Smazáno : user_pref("smartbar.machineId", "J/PBSJLRH0TYTY7V3B3BNU3CHFI75RXP+EM8HZMTEKKQ2EWHI9A+VRT65X9C8M/+T+DHG3BV6CYOJMWQ9O1BIA");
-\\ Google Chrome v
[C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
[C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=NDV&o=15765&locale=en_US&apn_uid=68D1A0FA-A18D-496D-88DD-D5021D72B33F&apn_ptnrs=NY&apn_sauid=E41BF564-D774-43F6-BEB8-1AF9AD46E530&apn_dtid=YYYYYYYYCZ&q={searchTerms}
[C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=FAFC001BB15DE9F7
[C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=MYC3&o=APN10457&itbv=11.10.0.779&doi=2013-03-30&locale=en_EU&apn_uid=21A86AD1-1BB7-4F52-99EE-1DD7E6EC533C&apn_ptnrs=^AKH&apn_dtid=^YYYYYY^YY^CZ&apn_dbr=ff_19.0&&q={searchTerms}
[C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=MYC3&o=APN10457&itbv=11.10.0.779&doi=2013-03-30&locale=en_EU&apn_uid=21A86AD1-1BB7-4F52-99EE-1DD7E6EC533C&apn_ptnrs=^AKH&apn_dtid=^YYYYYY^YY^CZ&apn_dbr=ff_19.0&&q={searchTerms}
[C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=MYC3&o=APN10457&itbv=11.10.0.779&doi=2013-03-30&locale=en_EU&apn_uid=21A86AD1-1BB7-4F52-99EE-1DD7E6EC533C&apn_ptnrs=^AKH&apn_dtid=^YYYYYY^YY^CZ&apn_dbr=ff_19.0&&q={searchTerms}
[C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Default_Search_Provider_Data] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=MYC3&o=APN10457&itbv=11.10.0.779&doi=2013-03-30&locale=en_EU&apn_uid=21A86AD1-1BB7-4F52-99EE-1DD7E6EC533C&apn_ptnrs=^AKH&apn_dtid=^YYYYYY^YY^CZ&apn_dbr=ff_19.0&&q={searchTerms}
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [55429 bytů] - [20/05/2015 00:34:31]
AdwCleaner[S0].txt - [23869 bytů] - [20/05/2015 00:37:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23928 bytů] ##########
# Aktualizováno 12/05/2015 by Xplode
# Databáze : 2015-05-12.2 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Vašek - WSSM
# Spuštěno z : C:\Users\Vašek\Desktop\adwcleaner_4.204.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\Tbccint
Složka Smazáno : C:\ProgramData\Trymedia
Složka Smazáno : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Složka Smazáno : C:\Users\VAEK~1\AppData\Local\Temp\apn
Složka Smazáno : C:\Users\Vašek\AppData\Local\genienext
Složka Smazáno : C:\Users\Vašek\AppData\Local\Mobogenie
Složka Smazáno : C:\Users\Vašek\AppData\Local\Tbccint
Složka Smazáno : C:\Users\Vašek\AppData\LocalLow\Tbccint
Složka Smazáno : C:\Users\Vašek\AppData\Roaming\AceWebExtension
Složka Smazáno : C:\Users\Vašek\Documents\Mobogenie
Složka Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambjmeohlajelahhhniggkkceagdlcgj
Složka Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
[/!\] Ne Smazáno ( Junction ) : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ambjmeohlajelahhhniggkkceagdlcgj_0.localstorage
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ambjmeohlajelahhhniggkkceagdlcgj_0.localstorage-journal
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ambjmeohlajelahhhniggkkceagdlcgj
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_icmlaeflemplmjndnaapfdbbnpncnbda_0.localstorage-journal
Soubor Smazáno : C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\aslat8v3.default\searchplugins\ask-search.xml
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
***** [ Naplánované úlohy ] *****
Úloha Smazáno : Scheduled Update for Ask Toolbar
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Klíč Smazáno : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01AFE5D2-071A-45B3-932F-611F685CF31E}
Klíč Smazáno : HKCU\Software\Ask.com
Klíč Smazáno : HKCU\Software\Conduit
Klíč Smazáno : HKCU\Software\Myfree Codec
Klíč Smazáno : HKCU\Software\Tbccint
Klíč Smazáno : HKCU\Software\Tbccint_HKLM
Klíč Smazáno : HKCU\Software\VIS
Klíč Smazáno : HKCU\Software\AceStream
Klíč Smazáno : HKCU\Software\AppDataLow\AskToolbarInfo
Klíč Smazáno : HKCU\Software\AppDataLow\Toolbar
Klíč Smazáno : HKCU\Software\AppDataLow\Software\AskToolbar
Klíč Smazáno : HKCU\Software\AppDataLow\Software\Tbccint
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\Myfree Codec
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKU\.DEFAULT\Software\IObit Apps
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Klíč Smazáno : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17801
-\\ Mozilla Firefox v29.0 (cs)
[br0my0x5.default-1389808505168\prefs.js] - Řádek Smazáno : user_pref("smartbar.machineId", "J/PBSJLRH0TYTY7V3B3BNU3CHFI75RXP+EM8HZMTEKKQ2EWHI9A+VRT65X9C8M/+T+DHG3BV6CYOJMWQ9O1BIA");
-\\ Google Chrome v
[C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://start.facemoods.com/?a=make&s={searchTerms}&f=4
[C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=NDV&o=15765&locale=en_US&apn_uid=68D1A0FA-A18D-496D-88DD-D5021D72B33F&apn_ptnrs=NY&apn_sauid=E41BF564-D774-43F6-BEB8-1AF9AD46E530&apn_dtid=YYYYYYYYCZ&q={searchTerms}
[C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://www2.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=FAFC001BB15DE9F7
[C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=MYC3&o=APN10457&itbv=11.10.0.779&doi=2013-03-30&locale=en_EU&apn_uid=21A86AD1-1BB7-4F52-99EE-1DD7E6EC533C&apn_ptnrs=^AKH&apn_dtid=^YYYYYY^YY^CZ&apn_dbr=ff_19.0&&q={searchTerms}
[C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=MYC3&o=APN10457&itbv=11.10.0.779&doi=2013-03-30&locale=en_EU&apn_uid=21A86AD1-1BB7-4F52-99EE-1DD7E6EC533C&apn_ptnrs=^AKH&apn_dtid=^YYYYYY^YY^CZ&apn_dbr=ff_19.0&&q={searchTerms}
[C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=MYC3&o=APN10457&itbv=11.10.0.779&doi=2013-03-30&locale=en_EU&apn_uid=21A86AD1-1BB7-4F52-99EE-1DD7E6EC533C&apn_ptnrs=^AKH&apn_dtid=^YYYYYY^YY^CZ&apn_dbr=ff_19.0&&q={searchTerms}
[C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Default_Search_Provider_Data] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=MYC3&o=APN10457&itbv=11.10.0.779&doi=2013-03-30&locale=en_EU&apn_uid=21A86AD1-1BB7-4F52-99EE-1DD7E6EC533C&apn_ptnrs=^AKH&apn_dtid=^YYYYYY^YY^CZ&apn_dbr=ff_19.0&&q={searchTerms}
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [55429 bytů] - [20/05/2015 00:34:31]
AdwCleaner[S0].txt - [23869 bytů] - [20/05/2015 00:37:52]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23928 bytů] ##########
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Vašek (administrator) on WSSM on 20-05-2015 07:20:26
Running from C:\Users\Vašek\Desktop
Loaded Profiles: Vašek (Available profiles: Vašek & gta)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
(Binary Fortress Software) D:\Programy\DisplayFusion\DisplayFusionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
() C:\Program Files\rUpdater\rUpdater_srv.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\ULTIDEVCASSINWEBSERVER2A.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(SHAPE) D:\Programy\iDisplay\iDisplay.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Some Company) C:\Program Files\rUpdater\rUpdater_agent.exe
() C:\Program Files\Win Drive\poclbm.exe
() D:\Programy\Rainmeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) D:\Programy\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Thermaltake) D:\Programy\ThermalTake Mouse Level 10M\L10mMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() D:\Programy\iDisplay\adb.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Mozilla Corporation) D:\Programy\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Vašek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [rUpdater2] => C:\Program Files\rUpdater\rUpdater_agent.exe [2410496 2015-04-25] (Some Company)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => D:\Programy\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Tt eSPORTS Level 10 M Gaming Mouse] => D:\Programy\ThermalTake Mouse Level 10M\L10mMonitor.exe [121224 2012-09-28] (Thermaltake)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [WindowsDriverScan] => C:\Program Files\Win Drive\Drive.lnk [1427 2013-12-04] ()
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [AceWebException] => C:\Users\Vašek\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SNAPMA~1.SCR [1016337 2013-11-07] (Jan Kolarik & Ondrej Vaverka)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: => File Not Found
Startup: C:\Users\Vašek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-04-24]
ShortcutTarget: Rainmeter.lnk -> D:\Programy\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.phpnuke.org/?lang=en&cid=457c4dfc
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {41F6F0C2-69FA-4497-A62C-5C36A846E8CE} URL = http://search.phpnuke.org/?lang=en&cid= ... earchTerms}
SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {47FA3079-0A1B-42DC-A488-8787B6E563D8} URL =
BHO: No Name -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-06-30] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-06-30] (Oracle Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2014-06-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2014-06-30] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programy\SkypeRecorder\Skype4COM.dll [2011-09-07] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-06-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2014-05-28] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2014-06-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Programy\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-266349663-400684417-2290147511-1003: @acestream.net/acestreamplugin,version=3.0.4 -> C:\Users\Vašek\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-266349663-400684417-2290147511-1003: ubisoft.com/uplaypc -> D:\Hry\Trials Evolution\datapack\orbit\npuplaypc.dll No File
FF Extension: Enhanced Steam - C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168\Extensions\jid1-YdiFiTEkQgInxA@jetpack.xpi [2015-02-20]
FF Extension: Multi Links - C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168\Extensions\multilinks@plugin.xpi [2014-12-11]
FF Extension: Adblock Plus - C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-05]
StartMenuInternet: FIREFOX.EXE - D:\Programy\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc"
CHR Plugin: (Shockwave Flash) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\Vašek\AppData\Roaming\TorrentStream\player\npts_plugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Uplay PC) - D:\Hry\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-21]
CHR Extension: (Google Drive) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-21]
CHR Extension: (YouTube) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-21]
CHR Extension: (Google Search) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-03]
CHR Extension: (Skype Click to Call) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-16]
CHR Extension: (Google Wallet) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome.FUHAIAKXE4EH4OUDF442WAYFHM - C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; D:\Programy\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; D:\Programy\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; D:\Programy\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programy\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [339456 2012-07-31] (AVerMedia) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-04-06] ()
S3 BITCOMET_HELPER_SERVICE; D:\Programy\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DisplayFusionService; D:\Programy\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S4 MBAMScheduler; D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programy\Origin\OriginClientService.exe [1931632 2015-04-15] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-17] ()
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
R2 rUpdater; C:\Program Files\rUpdater\rUpdater_srv.exe [98304 2015-04-25] () [File not signed]
S3 Survarium-Steam Update Service; D:\Programy\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [75384 2015-04-19] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [49152 2012-10-17] (UltiDev LLC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ArvoFltr; C:\Windows\System32\drivers\ArvoFltr.sys [15872 2009-05-07] (ROCCAT Development, Inc.) [File not signed]
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2013-01-03] ()
R3 AVer330; C:\Windows\System32\DRIVERS\AVer330.sys [1431424 2012-09-17] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-17] (DT Soft Ltd)
S3 DxkgFilter; D:\Programy\iDisplay\idisplay.sys [55720 2012-08-31] ()
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 KYEKBPRO; C:\Windows\System32\drivers\KYEKBPRO.sys [25600 2011-10-14] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-01-03] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-24] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
U3 av56y0j5; C:\Windows\System32\Drivers\av56y0j5.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 07:20 - 2015-05-20 07:20 - 00029253 _____ () C:\Users\Vašek\Desktop\FRST.txt
2015-05-20 07:19 - 2015-05-20 07:20 - 00000000 ____D () C:\FRST
2015-05-20 07:19 - 2015-05-20 07:19 - 00112640 _____ (forum.viry.cz) C:\Users\Vašek\Desktop\FRSTLauncher.exe
2015-05-20 07:18 - 2015-05-20 07:18 - 02107904 _____ (Farbar) C:\Users\Vašek\Desktop\FRST64.exe
2015-05-20 00:34 - 2015-05-20 00:40 - 00000000 ____D () C:\AdwCleaner
2015-05-19 23:48 - 2015-05-19 23:48 - 02209792 _____ () C:\Users\Vašek\Desktop\adwcleaner_4.204.exe
2015-05-19 23:36 - 2015-05-19 23:37 - 00000000 ____D () C:\rsit
2015-05-19 23:36 - 2015-05-19 23:36 - 01222144 _____ () C:\Users\Vašek\Downloads\RSITx64.exe
2015-05-18 23:59 - 2015-05-19 00:03 - 690837504 _____ () C:\Users\Vašek\Downloads\sila.lidskosti.nicholas.winton.2002.tvrip.xvid.cz-cze.avi
2015-05-18 23:56 - 2015-05-19 00:06 - 1464384468 _____ () C:\Users\Vašek\Downloads\Domov---Home-2009-novinky-document-dabing-cz.avi
2015-05-18 23:40 - 2015-05-18 23:45 - 1092951360 _____ () C:\Users\Vašek\Downloads\Stastni to lide, Rok v tajze (Happy People, A Year in the Taiga) 2010.avi
2015-05-17 18:40 - 2015-05-17 18:40 - 00000000 ____D () C:\Users\Vašek\AppData\Local\Arktos Entertainment
2015-05-17 18:07 - 2015-05-17 20:07 - 35345575 _____ () C:\Users\Vašek\Desktop\debug.log
2015-05-17 16:12 - 2015-05-17 16:12 - 00000211 _____ () C:\Users\Vašek\Desktop\Infestation Survivor Stories.url
2015-05-17 15:51 - 2015-05-17 15:51 - 00000739 _____ () C:\Users\Vašek\Desktop\Wolfenstein The Old Blood.lnk
2015-05-17 15:20 - 2015-05-17 15:20 - 00000000 ____D () C:\Users\Vašek\Desktop\Basement.v0.1.7
2015-05-15 15:39 - 2015-05-15 15:40 - 00000000 ____D () C:\Users\Vašek\Desktop\Nová složka (4)
2015-05-14 12:51 - 2015-05-14 12:52 - 17928270 _____ () C:\Users\Vašek\Downloads\bazen.zip
2015-05-14 00:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:57 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:57 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:57 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 08:57 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 08:57 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 08:57 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:57 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:57 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:57 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 08:57 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 08:57 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 08:57 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:57 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:57 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 08:57 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:57 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 08:57 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 08:57 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 08:57 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:57 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:57 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 08:57 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 08:57 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 08:57 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:57 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 08:57 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 08:57 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:57 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 08:57 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 08:57 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:57 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 08:57 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 08:57 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:57 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 08:57 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:57 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 08:57 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:57 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:57 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 08:57 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 08:57 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 08:57 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:57 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 08:57 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 08:57 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:57 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:57 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 08:57 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 08:57 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:57 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 08:57 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:57 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 08:57 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:57 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:57 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:57 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:57 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:57 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:57 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 08:57 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:57 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:57 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:57 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:57 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:57 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 08:57 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:57 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:57 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:56 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 08:56 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 08:56 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 08:56 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 08:56 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 08:56 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 08:56 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 08:56 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 08:56 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 08:56 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 08:56 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 08:56 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 08:56 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 08:56 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 08:56 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 08:56 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 08:56 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 08:56 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 08:56 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 08:56 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 08:56 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 08:56 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:56 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:56 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:56 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:56 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:56 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 08:56 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 08:56 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 08:56 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 08:56 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 08:56 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:56 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 08:56 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 08:56 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 08:56 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:56 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 08:56 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 08:56 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:56 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:32 - 2015-05-12 21:33 - 01398884 _____ () C:\Users\Vašek\Downloads\kc-fonts_serial-publication.zip
2015-05-12 15:22 - 2015-05-15 14:17 - 00000000 ____D () C:\Users\Vašek\Desktop\Nová složka (3)
2015-05-12 00:14 - 2015-05-12 00:18 - 891740160 _____ () C:\Users\Vašek\Downloads\planeta-zeme-po-vymreni-lidstva.avi
2015-05-11 23:28 - 2015-05-11 23:28 - 00010824 _____ () C:\Users\Vašek\Desktop\NC 2015.xlsx
2015-05-11 21:13 - 2015-05-11 21:13 - 00268800 _____ () C:\Users\Vašek\Downloads\VY_32_INOVACE_14_MM.ppt
2015-05-11 10:11 - 2015-05-11 10:14 - 00000000 ____D () C:\Users\Vašek\Documents\Project CARS
2015-05-11 10:11 - 2015-05-11 10:11 - 00000000 ____D () C:\Users\Vašek\Documents\wmd_symbol_cache
2015-05-11 09:40 - 2015-05-11 09:40 - 00028656 _____ () C:\Users\Vašek\Downloads\[kickass.to]car.mechanic.simulator.2015.codex (1).torrent
2015-05-11 09:35 - 2015-05-11 09:35 - 00028656 _____ () C:\Users\Vašek\Downloads\[kickass.to]car.mechanic.simulator.2015.codex.torrent
2015-05-11 09:04 - 2015-05-16 11:48 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\Exanima
2015-05-11 08:14 - 2015-05-11 08:14 - 00464106 _____ () C:\Users\Vašek\Downloads\flvmdigui105.zip
2015-05-11 08:14 - 2015-05-11 08:14 - 00233257 _____ () C:\Users\Vašek\Downloads\flvmdi296exe.zip
2015-05-11 08:12 - 2015-05-11 08:58 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\vlc
2015-05-11 08:12 - 2015-05-11 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-11 08:11 - 2015-05-11 08:12 - 28849904 _____ () C:\Users\Vašek\Downloads\vlc-2.2.1-win32.exe
2015-05-11 08:07 - 2015-05-11 08:08 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\FLV Extract
2015-05-11 08:06 - 2015-05-11 08:06 - 00996125 _____ () C:\Users\Vašek\Downloads\MP4Box-0.4.5.zip
2015-05-11 08:06 - 2015-05-11 08:06 - 00081428 _____ () C:\Users\Vašek\Downloads\FLV_Extract.zip
2015-05-11 07:34 - 2015-05-11 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Deleted File Recovery 3.0.1
2015-05-11 07:31 - 2015-05-11 07:31 - 03865258 _____ () C:\Users\Vašek\Downloads\EDR.zip
2015-05-09 20:54 - 2015-05-09 20:58 - 2529825142 _____ () C:\Users\Vašek\Downloads\Shaun.the.Sheep.The.Movie.2015.720p.WEB-DL.XviD.AC3-RARBG.avi
2015-05-09 10:25 - 2015-05-09 10:25 - 00014897 _____ () C:\Users\Vašek\Downloads\[kickass.to]exanima.v0.5.0.torrent
2015-05-07 23:41 - 2015-05-07 23:41 - 00079824 _____ () C:\Users\Vašek\Downloads\[kickass.to]project.cars.reloaded.torrent
2015-05-07 23:40 - 2015-05-07 23:40 - 00089533 _____ () C:\Users\Vašek\Downloads\[kickass.to]wolfenstein.the.old.blood.codex.torrent
2015-05-07 09:45 - 2015-05-07 10:06 - 384302154 _____ () C:\Users\Vašek\Downloads\Ulice-2817---5.5.-2015.avi
2015-05-06 15:36 - 2015-05-18 21:58 - 00000065 _____ () C:\Users\Vašek\Desktop\todo.txt
2015-05-04 19:35 - 2015-05-04 19:35 - 00054747 _____ () C:\Users\Vašek\Downloads\DPD_objednavkovy_formular.xlsx
2015-05-03 22:29 - 2015-05-03 22:35 - 2691641350 _____ () C:\Users\Vašek\Downloads\KOD.ENIGMY.The.Imitation.Game.2014.1080p.BRRip.x264.AC3.CZTIT.mkv
2015-05-03 22:28 - 2015-05-03 22:33 - 1840162816 _____ () C:\Users\Vašek\Downloads\Pout (The Way) 2010 CZ dabing.avi
2015-05-03 22:21 - 2015-05-03 22:25 - 1567920128 _____ () C:\Users\Vašek\Downloads\Nic-nas-nerozdeli-CZ-RADIOSUBA.avi
2015-05-03 22:21 - 2015-05-03 22:23 - 1007814656 _____ () C:\Users\Vašek\Downloads\INTERSTATE-60-DALNICE-60---CZ-dvdrip.avi
2015-05-02 12:10 - 2015-05-02 12:10 - 00000730 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-02 10:30 - 2015-05-02 10:30 - 00303104 _____ () C:\Users\Vašek\Downloads\lame_enc.dll
2015-05-02 10:19 - 2015-05-02 10:19 - 00000000 ____D () C:\Windows\rUpdater
2015-05-02 10:19 - 2015-05-02 10:19 - 00000000 ____D () C:\Program Files\rUpdater
2015-05-02 10:18 - 2015-05-02 10:18 - 02946656 _____ ( ) C:\Users\Vašek\Downloads\amrtomp3_setup.exe
2015-05-02 10:10 - 2015-05-02 10:10 - 09957947 _____ ( ) C:\Users\Vašek\Downloads\ffmpeg-win-2.2.2.exe
2015-05-01 11:59 - 2015-05-01 11:59 - 00000625 _____ () C:\Users\Public\Desktop\Solarix.lnk
2015-04-27 20:51 - 2015-04-27 20:57 - 800222108 _____ () C:\Users\Vašek\Downloads\Cernobyl---nulta-hodina-2004-CZ-Dokumentarni-Historicky.avi
2015-04-27 20:45 - 2015-04-27 20:46 - 287640606 _____ () C:\Users\Vašek\Downloads\Boj o Černobyl . Dokument Discovery Channel (1).mp4
2015-04-27 11:38 - 2015-04-27 11:39 - 74295331 _____ () C:\Users\Vašek\Downloads\Didier Drogba returns King ● Best Goals in Chelsea F.C. HD.mp4
2015-04-25 20:52 - 2015-04-25 20:52 - 00131116 _____ () C:\Users\Vašek\Downloads\[kickass.to]s.t.a.l.k.e.r.shadow.of.chernobyl.version.2.0.0.5.gog.torrent
2015-04-25 19:42 - 2015-04-25 19:52 - 1625763840 _____ () C:\Users\Vašek\Downloads\Soumrak-mrtvych.avi
2015-04-25 19:37 - 2015-04-25 19:49 - 1782052912 _____ () C:\Users\Vašek\Downloads\Millerovi-na-tripu.avi
2015-04-25 11:47 - 2015-04-25 11:48 - 41284966 _____ () C:\Users\Vašek\Downloads\Zombies__Run__v3.1.5.apk
2015-04-24 14:11 - 2015-04-24 14:11 - 02333416 _____ () C:\Users\Vašek\Downloads\Rainmeter-3.3-r2402-beta.exe
2015-04-24 14:11 - 2015-04-24 14:11 - 00000603 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2015-04-23 21:23 - 2015-04-23 21:27 - 918575104 _____ () C:\Users\Vašek\Downloads\Koupili_jsme_ZOO_novinky_2011_komedie_drama_rodinny_CZ_dabing.avi
2015-04-23 10:08 - 2015-04-23 10:20 - 00000000 ____D () C:\Users\Vašek\Desktop\Práce
2015-04-21 23:44 - 2015-04-21 23:44 - 03823840 _____ () C:\Users\Vašek\Downloads\ReShade%20+%20SweetFX%20Graphics%20Mod%201.0.zip
2015-04-20 20:40 - 2015-04-20 20:40 - 00003090 _____ () C:\Windows\System32\Tasks\Origin
2015-04-20 15:29 - 2015-04-20 15:29 - 02688968 _____ () C:\Users\Vašek\Downloads\Loga.zip
2015-04-20 09:25 - 2015-04-20 09:26 - 79272455 _____ () C:\Users\Vašek\Downloads\kupony.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 07:17 - 2012-08-17 18:51 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job
2015-05-20 07:17 - 2012-03-08 09:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 03:02 - 2012-07-26 22:36 - 01328695 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 03:01 - 2015-04-06 17:09 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 03:01 - 2015-04-06 17:09 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 03:01 - 2012-08-24 19:52 - 00000000 ____D () C:\Users\Vašek\AppData\Local\Adobe
2015-05-20 03:01 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 03:01 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 00:49 - 2012-07-26 22:27 - 00678098 _____ () C:\Windows\system32\perfh005.dat
2015-05-20 00:49 - 2012-07-26 22:27 - 00146996 _____ () C:\Windows\system32\perfc005.dat
2015-05-20 00:49 - 2009-07-14 07:13 - 01613968 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 00:42 - 2015-03-21 04:45 - 00015674 _____ () C:\Windows\setupact.log
2015-05-20 00:42 - 2012-07-26 22:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-20 00:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 00:09 - 2012-10-18 20:28 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\Skype
2015-05-19 23:56 - 2013-02-27 16:46 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\TS3Client
2015-05-19 23:51 - 2012-03-08 08:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-19 23:36 - 2013-05-14 11:21 - 00000000 ____D () C:\Program Files\trend micro
2015-05-19 22:04 - 2014-02-15 02:00 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{11996B44-D394-43CD-ABB9-DBF05E591E20}
2015-05-17 19:28 - 2013-07-28 21:22 - 00000000 ____D () C:\Users\Vašek\AppData\Local\Arma 3
2015-05-17 18:38 - 2012-08-17 18:51 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job
2015-05-17 18:09 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-17 16:15 - 2015-01-06 18:24 - 00000000 ____D () C:\Users\Vašek\Documents\Survarium
2015-05-17 09:30 - 2012-03-08 08:26 - 00000000 ____D () C:\ProgramData\Skype
2015-05-14 14:18 - 2012-10-29 17:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 08:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 07:04 - 2009-07-14 06:45 - 05216840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 06:55 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 06:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 06:53 - 2013-03-14 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 00:04 - 2012-09-20 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 00:01 - 2013-03-14 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 00:00 - 2013-03-14 14:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 23:13 - 2012-08-20 10:30 - 00150336 _____ () C:\Users\Vašek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-12 21:13 - 2013-07-25 00:54 - 00000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-05-10 15:00 - 2013-01-31 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-08 14:34 - 2015-03-19 15:52 - 00000000 ____D () C:\Users\Vašek\Desktop\SUBWAY
2015-05-08 14:34 - 2015-03-15 16:22 - 00000000 ____D () C:\Users\Vašek\Desktop\web design
2015-05-08 14:27 - 2014-05-30 19:50 - 00000000 ____D () C:\Users\Vašek\Desktop\A4
2015-05-08 03:02 - 2012-08-19 00:22 - 01588682 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-06 06:51 - 2015-03-23 23:04 - 00258960 _____ () C:\Windows\PFRO.log
2015-05-05 15:09 - 2014-11-22 19:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-05 11:48 - 2013-10-21 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 11:46 - 2013-10-21 00:20 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:46 - 2013-10-21 00:20 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-05 09:40 - 2012-03-08 08:47 - 00000000 ____D () C:\Windows\hu
2015-05-02 12:10 - 2014-11-22 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-02 10:58 - 2012-09-06 16:02 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\Audacity
2015-05-02 10:19 - 2013-06-29 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-04-30 15:01 - 2014-12-03 21:06 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\.ACEStream
2015-04-25 21:36 - 2012-08-26 14:49 - 00000000 ___HD () C:\ProgramData\Origin
2015-04-25 18:43 - 2014-10-12 00:01 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-25 18:43 - 2012-08-27 15:12 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-04-25 18:38 - 2012-08-18 20:34 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-23 13:37 - 2013-11-08 12:24 - 00000000 ____D () C:\Users\Vašek\AppData\Local\DayZ
2015-04-20 23:27 - 2014-05-06 23:39 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\DisplayFusion
2015-04-20 20:40 - 2015-02-01 19:36 - 00000000 ____D () C:\Users\Vašek\Desktop\WEB
2015-04-20 20:39 - 2015-01-09 15:21 - 00061653 _____ () C:\Windows\temp023423.vbe
==================== Files in the root of some directories =======
2012-07-12 10:28 - 2012-07-12 10:28 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-03-22 14:11 - 2013-03-22 14:11 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-10-18 20:44 - 2015-04-08 12:29 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-12-09 01:34 - 2014-12-09 01:57 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-10-18 21:00 - 2013-11-08 15:12 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2013-07-25 00:54 - 2015-05-12 21:13 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-01-12 02:50 - 2014-01-12 02:50 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe Targa Format CS5 Prefs
2003-04-09 05:28 - 2003-04-09 05:28 - 0233472 ____R () C:\Users\Vašek\AppData\Roaming\MafiaSetup.exe
2014-12-09 02:14 - 2015-01-19 12:08 - 0001456 _____ () C:\Users\Vašek\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-02-08 01:31 - 2013-02-08 01:31 - 0003584 _____ () C:\Users\Vašek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-01 21:59 - 2013-05-01 21:59 - 0000093 _____ () C:\Users\Vašek\AppData\Local\fusioncache.dat
2012-09-21 14:56 - 2013-03-26 22:56 - 0007601 _____ () C:\Users\Vašek\AppData\Local\Resmon.ResmonCfg
2012-03-08 09:00 - 2012-07-26 23:15 - 0002485 _____ () C:\ProgramData\clear.fiSDK20.log
2012-03-08 09:02 - 2015-03-20 01:26 - 0000032 _____ () C:\ProgramData\PS.log
Some content of TEMP:
====================
C:\Users\gta\AppData\Local\Temp\avgnt.exe
C:\Users\gta\AppData\Local\Temp\Bass.dll
C:\Users\gta\AppData\Local\Temp\Bass.Net.dll
C:\Users\Marek\AppData\Local\Temp\avgnt.exe
C:\Users\Marek\AppData\Local\Temp\Bit1C88.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit1CA.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit2188.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit4F6A.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit87E9.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit8C5E.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit8DBB.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit9DD4.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitAC57.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitE313.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitE32D.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitE99B.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitFBCB.tmp.exe
C:\Users\Marek\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Marek\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Marek\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Marek\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marek\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Marek\AppData\Local\Temp\nvStInst.exe
C:\Users\Marek\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Marek\AppData\Local\Temp\sfextra.dll
C:\Users\Marek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marek\AppData\Local\Temp\sonarinst.exe
C:\Users\Marek\AppData\Local\Temp\Uninstall.exe
C:\Users\Marek\AppData\Local\Temp\{71E0AD67-8D6D-4BD6-8534-697A361EFB0F}-34.0.1847.131_34.0.1847.116_chrome_updater.exe
C:\Users\Vašek\AppData\Local\Temp\avgnt.exe
C:\Users\Vašek\AppData\Local\Temp\Bit204E.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\Bit23C.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\Bit5DF8.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\BitBA2C.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\BitF78F.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\BRSVC_283236928_hlp.exe
C:\Users\Vašek\AppData\Local\Temp\CoJBiBLauncher.exe
C:\Users\Vašek\AppData\Local\Temp\NEventMessages.dll
C:\Users\Vašek\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Vašek\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Vašek\AppData\Local\Temp\nvStInst.exe
C:\Users\Vašek\AppData\Local\Temp\Quarantine.exe
C:\Users\Vašek\AppData\Local\Temp\Skin.dll
C:\Users\Vašek\AppData\Local\Temp\Social%20Club%20v1.1.5.5%20Setup.exe
C:\Users\Vašek\AppData\Local\Temp\sqlite3.dll
C:\Users\Vašek\AppData\Local\Temp\SRLDetectionLibrary5570364733105267946.dll
C:\Users\Vašek\AppData\Local\Temp\uninst.exe
C:\Users\Vašek\AppData\Local\Temp\_isB515.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-14 07:57
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:19.75 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:8.77 GB) NTFS
Drive f: (Download) (Fixed) (Total:465.75 GB) (Free:233.93 GB) NTFS
Available physical RAM: 6024.41 MB
Total physical RAM: 8140.59 MB
Percentage of memory in use: 25%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16323044)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Disk: 1 (Size: 465.8 GB) (Disk ID: BE794183)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9
AlternateDataStreams: C:\ProgramData\Temp:76650B61
AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3
AlternateDataStreams: C:\Users\Marek\AppData\Local\temp:KqN6mk4cjL4L4aRGiYsV
AlternateDataStreams: C:\Users\Marek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR
AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temp:KqN6mk4cjL4L4aRGiYsV
AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR
==================== Security Center ==================
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Va�ek\Desktop" je 23288 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirDroid 3
D:\Programy\AirDroid\AirDroid.exe /start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathTaker
D:\Programy\DeathTaker\mousehid.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion
"D:\Programy\DisplayFusion\DisplayFusion.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Imperator pro
"D:\Programy\Imperator Pro\IMProhid.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
D:\Programy\Kies\KiesTrayAgent.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Mouse
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler
C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Va�ek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\VAEK~1\AppData\Roaming\Dropbox\bin\Dropbox.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by Vašek (administrator) on WSSM on 20-05-2015 07:20:26
Running from C:\Users\Vašek\Desktop
Loaded Profiles: Vašek (Available profiles: Vašek & gta)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
(Binary Fortress Software) D:\Programy\DisplayFusion\DisplayFusionService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
() C:\Program Files\rUpdater\rUpdater_srv.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(UltiDev LLC) C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\ULTIDEVCASSINWEBSERVER2A.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(SHAPE) D:\Programy\iDisplay\iDisplay.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Some Company) C:\Program Files\rUpdater\rUpdater_agent.exe
() C:\Program Files\Win Drive\poclbm.exe
() D:\Programy\Rainmeter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) D:\Programy\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Thermaltake) D:\Programy\ThermalTake Mouse Level 10M\L10mMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() D:\Programy\iDisplay\adb.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Mozilla Corporation) D:\Programy\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Vašek\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [rUpdater2] => C:\Program Files\rUpdater\rUpdater_agent.exe [2410496 2015-04-25] (Some Company)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-04] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => D:\Programy\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Tt eSPORTS Level 10 M Gaming Mouse] => D:\Programy\ThermalTake Mouse Level 10M\L10mMonitor.exe [121224 2012-09-28] (Thermaltake)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [WindowsDriverScan] => C:\Program Files\Win Drive\Drive.lnk [1427 2013-12-04] ()
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [AceWebException] => C:\Users\Vašek\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SNAPMA~1.SCR [1016337 2013-11-07] (Jan Kolarik & Ondrej Vaverka)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: => File Not Found
Startup: C:\Users\Vašek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-04-24]
ShortcutTarget: Rainmeter.lnk -> D:\Programy\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Vašek\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.phpnuke.org/?lang=en&cid=457c4dfc
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {41F6F0C2-69FA-4497-A62C-5C36A846E8CE} URL = http://search.phpnuke.org/?lang=en&cid= ... earchTerms}
SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {47FA3079-0A1B-42DC-A488-8787B6E563D8} URL =
BHO: No Name -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll [2014-06-30] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll [2014-06-30] (Oracle Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> D:\Programy\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll [2014-06-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll [2014-06-30] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programy\SkypeRecorder\Skype4COM.dll [2011-09-07] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2014-06-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2014-05-28] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll [2014-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll [2014-06-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> D:\Programy\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-266349663-400684417-2290147511-1003: @acestream.net/acestreamplugin,version=3.0.4 -> C:\Users\Vašek\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-266349663-400684417-2290147511-1003: ubisoft.com/uplaypc -> D:\Hry\Trials Evolution\datapack\orbit\npuplaypc.dll No File
FF Extension: Enhanced Steam - C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168\Extensions\jid1-YdiFiTEkQgInxA@jetpack.xpi [2015-02-20]
FF Extension: Multi Links - C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168\Extensions\multilinks@plugin.xpi [2014-12-11]
FF Extension: Adblock Plus - C:\Users\Vašek\AppData\Roaming\Mozilla\Firefox\Profiles\br0my0x5.default-1389808505168\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-05]
StartMenuInternet: FIREFOX.EXE - D:\Programy\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://search.phpnuke.org/?lang=en&cid=457c4dfc"
CHR Plugin: (Shockwave Flash) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\Vašek\AppData\Roaming\TorrentStream\player\npts_plugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Uplay PC) - D:\Hry\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-21]
CHR Extension: (Google Drive) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-21]
CHR Extension: (YouTube) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-21]
CHR Extension: (Google Search) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-21]
CHR Extension: (Avira Browser Safety) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-03]
CHR Extension: (Skype Click to Call) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-16]
CHR Extension: (Google Wallet) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome.FUHAIAKXE4EH4OUDF442WAYFHM - C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; D:\Programy\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; D:\Programy\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; D:\Programy\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; D:\Programy\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG)
R2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [339456 2012-07-31] (AVerMedia) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [967040 2015-04-06] ()
S3 BITCOMET_HELPER_SERVICE; D:\Programy\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DisplayFusionService; D:\Programy\DisplayFusion\DisplayFusionService.exe [1498000 2013-04-26] (Binary Fortress Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S4 MBAMScheduler; D:\Programy\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; D:\Programy\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; D:\Programy\Origin\OriginClientService.exe [1931632 2015-04-15] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-17] ()
R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
R2 rUpdater; C:\Program Files\rUpdater\rUpdater_srv.exe [98304 2015-04-25] () [File not signed]
S3 Survarium-Steam Update Service; D:\Programy\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [75384 2015-04-19] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 UltiDev Cassini Web Server for ASP.NET 2.0; C:\Program Files (x86)\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [49152 2012-10-17] (UltiDev LLC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ArvoFltr; C:\Windows\System32\drivers\ArvoFltr.sys [15872 2009-05-07] (ROCCAT Development, Inc.) [File not signed]
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2013-01-03] ()
R3 AVer330; C:\Windows\System32\DRIVERS\AVer330.sys [1431424 2012-09-17] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-05] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-17] (DT Soft Ltd)
S3 DxkgFilter; D:\Programy\iDisplay\idisplay.sys [55720 2012-08-31] ()
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
S3 KYEKBPRO; C:\Windows\System32\drivers\KYEKBPRO.sys [25600 2011-10-14] ( )
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-01-03] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-24] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-22] (Anchorfree Inc.)
U3 av56y0j5; C:\Windows\System32\Drivers\av56y0j5.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 07:20 - 2015-05-20 07:20 - 00029253 _____ () C:\Users\Vašek\Desktop\FRST.txt
2015-05-20 07:19 - 2015-05-20 07:20 - 00000000 ____D () C:\FRST
2015-05-20 07:19 - 2015-05-20 07:19 - 00112640 _____ (forum.viry.cz) C:\Users\Vašek\Desktop\FRSTLauncher.exe
2015-05-20 07:18 - 2015-05-20 07:18 - 02107904 _____ (Farbar) C:\Users\Vašek\Desktop\FRST64.exe
2015-05-20 00:34 - 2015-05-20 00:40 - 00000000 ____D () C:\AdwCleaner
2015-05-19 23:48 - 2015-05-19 23:48 - 02209792 _____ () C:\Users\Vašek\Desktop\adwcleaner_4.204.exe
2015-05-19 23:36 - 2015-05-19 23:37 - 00000000 ____D () C:\rsit
2015-05-19 23:36 - 2015-05-19 23:36 - 01222144 _____ () C:\Users\Vašek\Downloads\RSITx64.exe
2015-05-18 23:59 - 2015-05-19 00:03 - 690837504 _____ () C:\Users\Vašek\Downloads\sila.lidskosti.nicholas.winton.2002.tvrip.xvid.cz-cze.avi
2015-05-18 23:56 - 2015-05-19 00:06 - 1464384468 _____ () C:\Users\Vašek\Downloads\Domov---Home-2009-novinky-document-dabing-cz.avi
2015-05-18 23:40 - 2015-05-18 23:45 - 1092951360 _____ () C:\Users\Vašek\Downloads\Stastni to lide, Rok v tajze (Happy People, A Year in the Taiga) 2010.avi
2015-05-17 18:40 - 2015-05-17 18:40 - 00000000 ____D () C:\Users\Vašek\AppData\Local\Arktos Entertainment
2015-05-17 18:07 - 2015-05-17 20:07 - 35345575 _____ () C:\Users\Vašek\Desktop\debug.log
2015-05-17 16:12 - 2015-05-17 16:12 - 00000211 _____ () C:\Users\Vašek\Desktop\Infestation Survivor Stories.url
2015-05-17 15:51 - 2015-05-17 15:51 - 00000739 _____ () C:\Users\Vašek\Desktop\Wolfenstein The Old Blood.lnk
2015-05-17 15:20 - 2015-05-17 15:20 - 00000000 ____D () C:\Users\Vašek\Desktop\Basement.v0.1.7
2015-05-15 15:39 - 2015-05-15 15:40 - 00000000 ____D () C:\Users\Vašek\Desktop\Nová složka (4)
2015-05-14 12:51 - 2015-05-14 12:52 - 17928270 _____ () C:\Users\Vašek\Downloads\bazen.zip
2015-05-14 00:01 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 00:01 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:57 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:57 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:57 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 08:57 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 08:57 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 08:57 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:57 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:57 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:57 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 08:57 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 08:57 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 08:57 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:57 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:57 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 08:57 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:57 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 08:57 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 08:57 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 08:57 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:57 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:57 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 08:57 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 08:57 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 08:57 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:57 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 08:57 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 08:57 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:57 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 08:57 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 08:57 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:57 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 08:57 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 08:57 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:57 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 08:57 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:57 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 08:57 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:57 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:57 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 08:57 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 08:57 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 08:57 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:57 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 08:57 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 08:57 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:57 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:57 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 08:57 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 08:57 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:57 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 08:57 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:57 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 08:57 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:57 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:57 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:57 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:57 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:57 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:57 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 08:57 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:57 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:57 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:57 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:57 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:57 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 08:57 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:57 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:57 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:56 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 08:56 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 08:56 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 08:56 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 08:56 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 08:56 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 08:56 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 08:56 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 08:56 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 08:56 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 08:56 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 08:56 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 08:56 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 08:56 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 08:56 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 08:56 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 08:56 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 08:56 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 08:56 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 08:56 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 08:56 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 08:56 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 08:56 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 08:56 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 08:56 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 08:56 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:56 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:56 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:56 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:56 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:56 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:56 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 08:56 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 08:56 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 08:56 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 08:56 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 08:56 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:56 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 08:56 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 08:56 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 08:56 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:56 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 08:56 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 08:56 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:56 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:32 - 2015-05-12 21:33 - 01398884 _____ () C:\Users\Vašek\Downloads\kc-fonts_serial-publication.zip
2015-05-12 15:22 - 2015-05-15 14:17 - 00000000 ____D () C:\Users\Vašek\Desktop\Nová složka (3)
2015-05-12 00:14 - 2015-05-12 00:18 - 891740160 _____ () C:\Users\Vašek\Downloads\planeta-zeme-po-vymreni-lidstva.avi
2015-05-11 23:28 - 2015-05-11 23:28 - 00010824 _____ () C:\Users\Vašek\Desktop\NC 2015.xlsx
2015-05-11 21:13 - 2015-05-11 21:13 - 00268800 _____ () C:\Users\Vašek\Downloads\VY_32_INOVACE_14_MM.ppt
2015-05-11 10:11 - 2015-05-11 10:14 - 00000000 ____D () C:\Users\Vašek\Documents\Project CARS
2015-05-11 10:11 - 2015-05-11 10:11 - 00000000 ____D () C:\Users\Vašek\Documents\wmd_symbol_cache
2015-05-11 09:40 - 2015-05-11 09:40 - 00028656 _____ () C:\Users\Vašek\Downloads\[kickass.to]car.mechanic.simulator.2015.codex (1).torrent
2015-05-11 09:35 - 2015-05-11 09:35 - 00028656 _____ () C:\Users\Vašek\Downloads\[kickass.to]car.mechanic.simulator.2015.codex.torrent
2015-05-11 09:04 - 2015-05-16 11:48 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\Exanima
2015-05-11 08:14 - 2015-05-11 08:14 - 00464106 _____ () C:\Users\Vašek\Downloads\flvmdigui105.zip
2015-05-11 08:14 - 2015-05-11 08:14 - 00233257 _____ () C:\Users\Vašek\Downloads\flvmdi296exe.zip
2015-05-11 08:12 - 2015-05-11 08:58 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\vlc
2015-05-11 08:12 - 2015-05-11 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-11 08:11 - 2015-05-11 08:12 - 28849904 _____ () C:\Users\Vašek\Downloads\vlc-2.2.1-win32.exe
2015-05-11 08:07 - 2015-05-11 08:08 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\FLV Extract
2015-05-11 08:06 - 2015-05-11 08:06 - 00996125 _____ () C:\Users\Vašek\Downloads\MP4Box-0.4.5.zip
2015-05-11 08:06 - 2015-05-11 08:06 - 00081428 _____ () C:\Users\Vašek\Downloads\FLV_Extract.zip
2015-05-11 07:34 - 2015-05-11 07:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Deleted File Recovery 3.0.1
2015-05-11 07:31 - 2015-05-11 07:31 - 03865258 _____ () C:\Users\Vašek\Downloads\EDR.zip
2015-05-09 20:54 - 2015-05-09 20:58 - 2529825142 _____ () C:\Users\Vašek\Downloads\Shaun.the.Sheep.The.Movie.2015.720p.WEB-DL.XviD.AC3-RARBG.avi
2015-05-09 10:25 - 2015-05-09 10:25 - 00014897 _____ () C:\Users\Vašek\Downloads\[kickass.to]exanima.v0.5.0.torrent
2015-05-07 23:41 - 2015-05-07 23:41 - 00079824 _____ () C:\Users\Vašek\Downloads\[kickass.to]project.cars.reloaded.torrent
2015-05-07 23:40 - 2015-05-07 23:40 - 00089533 _____ () C:\Users\Vašek\Downloads\[kickass.to]wolfenstein.the.old.blood.codex.torrent
2015-05-07 09:45 - 2015-05-07 10:06 - 384302154 _____ () C:\Users\Vašek\Downloads\Ulice-2817---5.5.-2015.avi
2015-05-06 15:36 - 2015-05-18 21:58 - 00000065 _____ () C:\Users\Vašek\Desktop\todo.txt
2015-05-04 19:35 - 2015-05-04 19:35 - 00054747 _____ () C:\Users\Vašek\Downloads\DPD_objednavkovy_formular.xlsx
2015-05-03 22:29 - 2015-05-03 22:35 - 2691641350 _____ () C:\Users\Vašek\Downloads\KOD.ENIGMY.The.Imitation.Game.2014.1080p.BRRip.x264.AC3.CZTIT.mkv
2015-05-03 22:28 - 2015-05-03 22:33 - 1840162816 _____ () C:\Users\Vašek\Downloads\Pout (The Way) 2010 CZ dabing.avi
2015-05-03 22:21 - 2015-05-03 22:25 - 1567920128 _____ () C:\Users\Vašek\Downloads\Nic-nas-nerozdeli-CZ-RADIOSUBA.avi
2015-05-03 22:21 - 2015-05-03 22:23 - 1007814656 _____ () C:\Users\Vašek\Downloads\INTERSTATE-60-DALNICE-60---CZ-dvdrip.avi
2015-05-02 12:10 - 2015-05-02 12:10 - 00000730 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-02 10:30 - 2015-05-02 10:30 - 00303104 _____ () C:\Users\Vašek\Downloads\lame_enc.dll
2015-05-02 10:19 - 2015-05-02 10:19 - 00000000 ____D () C:\Windows\rUpdater
2015-05-02 10:19 - 2015-05-02 10:19 - 00000000 ____D () C:\Program Files\rUpdater
2015-05-02 10:18 - 2015-05-02 10:18 - 02946656 _____ ( ) C:\Users\Vašek\Downloads\amrtomp3_setup.exe
2015-05-02 10:10 - 2015-05-02 10:10 - 09957947 _____ ( ) C:\Users\Vašek\Downloads\ffmpeg-win-2.2.2.exe
2015-05-01 11:59 - 2015-05-01 11:59 - 00000625 _____ () C:\Users\Public\Desktop\Solarix.lnk
2015-04-27 20:51 - 2015-04-27 20:57 - 800222108 _____ () C:\Users\Vašek\Downloads\Cernobyl---nulta-hodina-2004-CZ-Dokumentarni-Historicky.avi
2015-04-27 20:45 - 2015-04-27 20:46 - 287640606 _____ () C:\Users\Vašek\Downloads\Boj o Černobyl . Dokument Discovery Channel (1).mp4
2015-04-27 11:38 - 2015-04-27 11:39 - 74295331 _____ () C:\Users\Vašek\Downloads\Didier Drogba returns King ● Best Goals in Chelsea F.C. HD.mp4
2015-04-25 20:52 - 2015-04-25 20:52 - 00131116 _____ () C:\Users\Vašek\Downloads\[kickass.to]s.t.a.l.k.e.r.shadow.of.chernobyl.version.2.0.0.5.gog.torrent
2015-04-25 19:42 - 2015-04-25 19:52 - 1625763840 _____ () C:\Users\Vašek\Downloads\Soumrak-mrtvych.avi
2015-04-25 19:37 - 2015-04-25 19:49 - 1782052912 _____ () C:\Users\Vašek\Downloads\Millerovi-na-tripu.avi
2015-04-25 11:47 - 2015-04-25 11:48 - 41284966 _____ () C:\Users\Vašek\Downloads\Zombies__Run__v3.1.5.apk
2015-04-24 14:11 - 2015-04-24 14:11 - 02333416 _____ () C:\Users\Vašek\Downloads\Rainmeter-3.3-r2402-beta.exe
2015-04-24 14:11 - 2015-04-24 14:11 - 00000603 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2015-04-23 21:23 - 2015-04-23 21:27 - 918575104 _____ () C:\Users\Vašek\Downloads\Koupili_jsme_ZOO_novinky_2011_komedie_drama_rodinny_CZ_dabing.avi
2015-04-23 10:08 - 2015-04-23 10:20 - 00000000 ____D () C:\Users\Vašek\Desktop\Práce
2015-04-21 23:44 - 2015-04-21 23:44 - 03823840 _____ () C:\Users\Vašek\Downloads\ReShade%20+%20SweetFX%20Graphics%20Mod%201.0.zip
2015-04-20 20:40 - 2015-04-20 20:40 - 00003090 _____ () C:\Windows\System32\Tasks\Origin
2015-04-20 15:29 - 2015-04-20 15:29 - 02688968 _____ () C:\Users\Vašek\Downloads\Loga.zip
2015-04-20 09:25 - 2015-04-20 09:26 - 79272455 _____ () C:\Users\Vašek\Downloads\kupony.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-20 07:17 - 2012-08-17 18:51 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job
2015-05-20 07:17 - 2012-03-08 09:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 03:02 - 2012-07-26 22:36 - 01328695 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 03:01 - 2015-04-06 17:09 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 03:01 - 2015-04-06 17:09 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 03:01 - 2012-08-24 19:52 - 00000000 ____D () C:\Users\Vašek\AppData\Local\Adobe
2015-05-20 03:01 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 03:01 - 2009-07-14 06:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 00:49 - 2012-07-26 22:27 - 00678098 _____ () C:\Windows\system32\perfh005.dat
2015-05-20 00:49 - 2012-07-26 22:27 - 00146996 _____ () C:\Windows\system32\perfc005.dat
2015-05-20 00:49 - 2009-07-14 07:13 - 01613968 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 00:42 - 2015-03-21 04:45 - 00015674 _____ () C:\Windows\setupact.log
2015-05-20 00:42 - 2012-07-26 22:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-20 00:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 00:09 - 2012-10-18 20:28 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\Skype
2015-05-19 23:56 - 2013-02-27 16:46 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\TS3Client
2015-05-19 23:51 - 2012-03-08 08:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-19 23:36 - 2013-05-14 11:21 - 00000000 ____D () C:\Program Files\trend micro
2015-05-19 22:04 - 2014-02-15 02:00 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{11996B44-D394-43CD-ABB9-DBF05E591E20}
2015-05-17 19:28 - 2013-07-28 21:22 - 00000000 ____D () C:\Users\Vašek\AppData\Local\Arma 3
2015-05-17 18:38 - 2012-08-17 18:51 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job
2015-05-17 18:09 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-17 16:15 - 2015-01-06 18:24 - 00000000 ____D () C:\Users\Vašek\Documents\Survarium
2015-05-17 09:30 - 2012-03-08 08:26 - 00000000 ____D () C:\ProgramData\Skype
2015-05-14 14:18 - 2012-10-29 17:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 08:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 07:04 - 2009-07-14 06:45 - 05216840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 06:55 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 06:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-14 06:53 - 2013-03-14 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 00:04 - 2012-09-20 18:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 00:01 - 2013-03-14 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-14 00:00 - 2013-03-14 14:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 23:13 - 2012-08-20 10:30 - 00150336 _____ () C:\Users\Vašek\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-12 21:13 - 2013-07-25 00:54 - 00000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-05-10 15:00 - 2013-01-31 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-05-08 14:34 - 2015-03-19 15:52 - 00000000 ____D () C:\Users\Vašek\Desktop\SUBWAY
2015-05-08 14:34 - 2015-03-15 16:22 - 00000000 ____D () C:\Users\Vašek\Desktop\web design
2015-05-08 14:27 - 2014-05-30 19:50 - 00000000 ____D () C:\Users\Vašek\Desktop\A4
2015-05-08 03:02 - 2012-08-19 00:22 - 01588682 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-06 06:51 - 2015-03-23 23:04 - 00258960 _____ () C:\Windows\PFRO.log
2015-05-05 15:09 - 2014-11-22 19:59 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-05 11:48 - 2013-10-21 00:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-05 11:46 - 2013-10-21 00:20 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-05 11:46 - 2013-10-21 00:20 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-05 09:40 - 2012-03-08 08:47 - 00000000 ____D () C:\Windows\hu
2015-05-02 12:10 - 2014-11-22 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-02 10:58 - 2012-09-06 16:02 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\Audacity
2015-05-02 10:19 - 2013-06-29 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-04-30 15:01 - 2014-12-03 21:06 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\.ACEStream
2015-04-25 21:36 - 2012-08-26 14:49 - 00000000 ___HD () C:\ProgramData\Origin
2015-04-25 18:43 - 2014-10-12 00:01 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-25 18:43 - 2012-08-27 15:12 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-04-25 18:38 - 2012-08-18 20:34 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-23 13:37 - 2013-11-08 12:24 - 00000000 ____D () C:\Users\Vašek\AppData\Local\DayZ
2015-04-20 23:27 - 2014-05-06 23:39 - 00000000 ____D () C:\Users\Vašek\AppData\Roaming\DisplayFusion
2015-04-20 20:40 - 2015-02-01 19:36 - 00000000 ____D () C:\Users\Vašek\Desktop\WEB
2015-04-20 20:39 - 2015-01-09 15:21 - 00061653 _____ () C:\Windows\temp023423.vbe
==================== Files in the root of some directories =======
2012-07-12 10:28 - 2012-07-12 10:28 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-03-22 14:11 - 2013-03-22 14:11 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-10-18 20:44 - 2015-04-08 12:29 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe BMP Format CS5 Prefs
2014-12-09 01:34 - 2014-12-09 01:57 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe GIF Format CS5 Prefs
2013-10-18 21:00 - 2013-11-08 15:12 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
2013-07-25 00:54 - 2015-05-12 21:13 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-01-12 02:50 - 2014-01-12 02:50 - 0000132 _____ () C:\Users\Vašek\AppData\Roaming\Adobe Targa Format CS5 Prefs
2003-04-09 05:28 - 2003-04-09 05:28 - 0233472 ____R () C:\Users\Vašek\AppData\Roaming\MafiaSetup.exe
2014-12-09 02:14 - 2015-01-19 12:08 - 0001456 _____ () C:\Users\Vašek\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-02-08 01:31 - 2013-02-08 01:31 - 0003584 _____ () C:\Users\Vašek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-01 21:59 - 2013-05-01 21:59 - 0000093 _____ () C:\Users\Vašek\AppData\Local\fusioncache.dat
2012-09-21 14:56 - 2013-03-26 22:56 - 0007601 _____ () C:\Users\Vašek\AppData\Local\Resmon.ResmonCfg
2012-03-08 09:00 - 2012-07-26 23:15 - 0002485 _____ () C:\ProgramData\clear.fiSDK20.log
2012-03-08 09:02 - 2015-03-20 01:26 - 0000032 _____ () C:\ProgramData\PS.log
Some content of TEMP:
====================
C:\Users\gta\AppData\Local\Temp\avgnt.exe
C:\Users\gta\AppData\Local\Temp\Bass.dll
C:\Users\gta\AppData\Local\Temp\Bass.Net.dll
C:\Users\Marek\AppData\Local\Temp\avgnt.exe
C:\Users\Marek\AppData\Local\Temp\Bit1C88.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit1CA.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit2188.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit4F6A.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit87E9.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit8C5E.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit8DBB.tmp.exe
C:\Users\Marek\AppData\Local\Temp\Bit9DD4.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitAC57.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitE313.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitE32D.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitE99B.tmp.exe
C:\Users\Marek\AppData\Local\Temp\BitFBCB.tmp.exe
C:\Users\Marek\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Marek\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Marek\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Marek\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marek\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Marek\AppData\Local\Temp\nvStInst.exe
C:\Users\Marek\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Marek\AppData\Local\Temp\sfextra.dll
C:\Users\Marek\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marek\AppData\Local\Temp\sonarinst.exe
C:\Users\Marek\AppData\Local\Temp\Uninstall.exe
C:\Users\Marek\AppData\Local\Temp\{71E0AD67-8D6D-4BD6-8534-697A361EFB0F}-34.0.1847.131_34.0.1847.116_chrome_updater.exe
C:\Users\Vašek\AppData\Local\Temp\avgnt.exe
C:\Users\Vašek\AppData\Local\Temp\Bit204E.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\Bit23C.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\Bit5DF8.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\BitBA2C.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\BitF78F.tmp.exe
C:\Users\Vašek\AppData\Local\Temp\BRSVC_283236928_hlp.exe
C:\Users\Vašek\AppData\Local\Temp\CoJBiBLauncher.exe
C:\Users\Vašek\AppData\Local\Temp\NEventMessages.dll
C:\Users\Vašek\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Vašek\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Vašek\AppData\Local\Temp\nvStInst.exe
C:\Users\Vašek\AppData\Local\Temp\Quarantine.exe
C:\Users\Vašek\AppData\Local\Temp\Skin.dll
C:\Users\Vašek\AppData\Local\Temp\Social%20Club%20v1.1.5.5%20Setup.exe
C:\Users\Vašek\AppData\Local\Temp\sqlite3.dll
C:\Users\Vašek\AppData\Local\Temp\SRLDetectionLibrary5570364733105267946.dll
C:\Users\Vašek\AppData\Local\Temp\uninst.exe
C:\Users\Vašek\AppData\Local\Temp\_isB515.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-14 07:57
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: (Acer) (Fixed) (Total:455.45 GB) (Free:19.75 GB) NTFS
Drive d: (DATA) (Fixed) (Total:455.96 GB) (Free:8.77 GB) NTFS
Drive f: (Download) (Fixed) (Total:465.75 GB) (Free:233.93 GB) NTFS
Available physical RAM: 6024.41 MB
Total physical RAM: 8140.59 MB
Percentage of memory in use: 25%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16323044)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Disk: 1 (Size: 465.8 GB) (Disk ID: BE794183)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9
AlternateDataStreams: C:\ProgramData\Temp:76650B61
AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3
AlternateDataStreams: C:\Users\Marek\AppData\Local\temp:KqN6mk4cjL4L4aRGiYsV
AlternateDataStreams: C:\Users\Marek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR
AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temp:KqN6mk4cjL4L4aRGiYsV
AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR
==================== Security Center ==================
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Va�ek\Desktop" je 23288 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirDroid 3
D:\Programy\AirDroid\AirDroid.exe /start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathTaker
D:\Programy\DeathTaker\mousehid.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion
"D:\Programy\DisplayFusion\DisplayFusion.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Imperator pro
"D:\Programy\Imperator Pro\IMProhid.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
D:\Programy\Kies\KiesTrayAgent.exe [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Mouse
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler
C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Va�ek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\VAEK~1\AppData\Roaming\Dropbox\bin\Dropbox.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Koukám že tam zůstal SKYPE Click to Call i když jsem ho přes ovl. pan. smazal, zkusím na něj Revo unninstaler nebo něco...
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Otestujte na virustotal.com C:\Program Files\rUpdater\rUpdater_srv.exe - pokud uz byl soubor otestovany, zvolte Reanalyse. Do pristiho prispevku dejte link (odkaz) s vysledky analyzy. Velikost plochy by nemela presahovat 200 MB. Zpomaluje se pak start i samotny chod celeho PC. Doporucuji hlavne velke soubory a slozky premistit napr. do Dokumentu a na plochu umistit pouze zastupce.Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: svchost - 100% CPU usage (skrytý rootkit ?)
- Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
- ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
- znovu spustte FRST a kliknete na Fix
- po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi
Kód: Vybrat vše
Start CloseProcesses: Folder: C:\Windows\rUpdater Folder: C:\Program Files\rUpdater Folder: C:\Program Files\Win Drive File: C:\Windows\temp023423.vbe HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation) HKLM\...\Run: [rUpdater2] => C:\Program Files\rUpdater\rUpdater_agent.exe [2410496 2015-04-25] (Some Company) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [WindowsDriverScan] => C:\Program Files\Win Drive\Drive.lnk [1427 2013-12-04] () HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [AdobeBridge] => [X] HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: => File Not Found HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.phpnuke.org/?lang=en&cid=457c4dfc SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {41F6F0C2-69FA-4497-A62C-5C36A846E8CE} URL = http://search.phpnuke.org/?lang=en&cid=457c4dfc&q={searchTerms} SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {47FA3079-0A1B-42DC-A488-8787B6E563D8} URL = BHO: No Name -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> No File FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin HKU\S-1-5-21-266349663-400684417-2290147511-1003: ubisoft.com/uplaypc -> D:\Hry\Trials Evolution\datapack\orbit\npuplaypc.dll No File CHR Plugin: (Native Client) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\Vašek\AppData\Roaming\TorrentStream\player\npts_plugin.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Uplay PC) - D:\Hry\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Skype Click to Call) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-16] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 nmwcd; system32\drivers\ccdcmbx64.sys [X] S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X] S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X] S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X] 2015-05-20 07:19 - 2015-05-20 07:19 - 00112640 _____ (forum.viry.cz) C:\Users\Vašek\Desktop\FRSTLauncher.exe 2015-05-20 00:34 - 2015-05-20 00:40 - 00000000 ____D () C:\AdwCleaner 2015-05-19 23:48 - 2015-05-19 23:48 - 02209792 _____ () C:\Users\Vašek\Desktop\adwcleaner_4.204.exe 2015-05-19 23:36 - 2015-05-19 23:37 - 00000000 ____D () C:\rsit 2015-05-19 23:36 - 2015-05-19 23:36 - 01222144 _____ () C:\Users\Vašek\Downloads\RSITx64.exe 2015-05-02 10:18 - 2015-05-02 10:18 - 02946656 _____ ( ) C:\Users\Vašek\Downloads\amrtomp3_setup.exe 2015-05-19 23:36 - 2013-05-14 11:21 - 00000000 ____D () C:\Program Files\trend micro 2015-04-20 20:39 - 2015-01-09 15:21 - 00061653 _____ () C:\Windows\temp023423.vbe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9 AlternateDataStreams: C:\ProgramData\Temp:76650B61 AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3 AlternateDataStreams: C:\Users\Marek\AppData\Local\temp:KqN6mk4cjL4L4aRGiYsV AlternateDataStreams: C:\Users\Marek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temp:KqN6mk4cjL4L4aRGiYsV AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon CMD: dir "C:\Windows\System32\Tasks" Hosts: EmptyTemp: End
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by Vašek at 2015-05-20 14:12:53 Run:1
Running from C:\Users\Vašek\Desktop
Loaded Profiles: Vašek (Available profiles: Vašek & gta)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
Folder: C:\Windows\rUpdater
Folder: C:\Program Files\rUpdater
Folder: C:\Program Files\Win Drive
File: C:\Windows\temp023423.vbe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [rUpdater2] => C:\Program Files\rUpdater\rUpdater_agent.exe [2410496 2015-04-25] (Some Company)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [WindowsDriverScan] => C:\Program Files\Win Drive\Drive.lnk [1427 2013-12-04] ()
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: => File Not Found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.phpnuke.org/?lang=en&cid=457c4dfc
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {41F6F0C2-69FA-4497-A62C-5C36A846E8CE} URL = http://search.phpnuke.org/?lang=en&cid= ... earchTerms}
SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {47FA3079-0A1B-42DC-A488-8787B6E563D8} URL =
BHO: No Name -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-266349663-400684417-2290147511-1003: ubisoft.com/uplaypc -> D:\Hry\Trials Evolution\datapack\orbit\npuplaypc.dll No File
CHR Plugin: (Native Client) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\Vašek\AppData\Roaming\TorrentStream\player\npts_plugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Uplay PC) - D:\Hry\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]
2015-05-20 07:19 - 2015-05-20 07:19 - 00112640 _____ (forum.viry.cz) C:\Users\Vašek\Desktop\FRSTLauncher.exe
2015-05-20 00:34 - 2015-05-20 00:40 - 00000000 ____D () C:\AdwCleaner
2015-05-19 23:48 - 2015-05-19 23:48 - 02209792 _____ () C:\Users\Vašek\Desktop\adwcleaner_4.204.exe
2015-05-19 23:36 - 2015-05-19 23:37 - 00000000 ____D () C:\rsit
2015-05-19 23:36 - 2015-05-19 23:36 - 01222144 _____ () C:\Users\Vašek\Downloads\RSITx64.exe
2015-05-02 10:18 - 2015-05-02 10:18 - 02946656 _____ ( ) C:\Users\Vašek\Downloads\amrtomp3_setup.exe
2015-05-19 23:36 - 2013-05-14 11:21 - 00000000 ____D () C:\Program Files\trend micro
2015-04-20 20:39 - 2015-01-09 15:21 - 00061653 _____ () C:\Windows\temp023423.vbe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9
AlternateDataStreams: C:\ProgramData\Temp:76650B61
AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3
AlternateDataStreams: C:\Users\Marek\AppData\Local\temp:KqN6mk4cjL4L4aRGiYsV
AlternateDataStreams: C:\Users\Marek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR
AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temp:KqN6mk4cjL4L4aRGiYsV
AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
CMD: dir "C:\Windows\System32\Tasks"
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
========================= Folder: C:\Windows\rUpdater ========================
====== End of Folder: ======
========================= Folder: C:\Program Files\rUpdater ========================
2015-04-25 17:11 - 2015-04-25 17:11 - 0080896 _____ () C:\Program Files\rUpdater\rupd_dll.dll
2015-04-25 17:12 - 2015-04-25 17:12 - 2410496 _____ (Some Company) C:\Program Files\rUpdater\rUpdater_agent.exe
2015-04-25 17:12 - 2015-04-25 17:12 - 0098304 _____ () C:\Program Files\rUpdater\rUpdater_srv.exe
====== End of Folder: ======
========================= Folder: C:\Program Files\Win Drive ========================
2014-01-26 20:33 - 2012-04-11 04:31 - 0074240 _____ () C:\Program Files\Win Drive\_ctypes.pyd
2014-01-26 20:33 - 2012-04-11 04:31 - 0285184 _____ () C:\Program Files\Win Drive\_hashlib.pyd
2014-01-26 20:33 - 2012-04-11 04:31 - 0040960 _____ () C:\Program Files\Win Drive\_socket.pyd
2014-01-26 20:33 - 2012-10-27 16:21 - 0008192 _____ () C:\Program Files\Win Drive\_win32sysloader.pyd
2014-01-26 20:33 - 2012-08-18 13:09 - 0004096 _____ (Microsoft Corporation) C:\Program Files\Win Drive\API-MS-Win-Core-LocalRegistry-L1-1-0.dll
2014-01-26 20:33 - 2012-06-15 14:20 - 0219648 _____ () C:\Program Files\Win Drive\boost_python-vc90-mt-1_48.dll
2014-01-26 20:33 - 2013-12-03 20:52 - 0210760 _____ () C:\Program Files\Win Drive\daa46b277f76001f9104e6627449767f.elf
2014-01-26 20:33 - 2012-11-18 17:32 - 0000103 _____ () C:\Program Files\Win Drive\defaults.ini
2014-01-26 20:33 - 2013-12-04 18:31 - 0001427 _____ () C:\Program Files\Win Drive\Drive.lnk
2014-01-26 20:33 - 2012-12-04 00:40 - 0212992 _____ () C:\Program Files\Win Drive\guiminer.exe
2014-01-26 20:33 - 2012-11-18 17:32 - 0017214 _____ () C:\Program Files\Win Drive\guiminer_de.po
2014-01-26 20:33 - 2012-11-19 02:41 - 0017955 _____ () C:\Program Files\Win Drive\guiminer_eo.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0017588 _____ () C:\Program Files\Win Drive\guiminer_es.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0018643 _____ () C:\Program Files\Win Drive\guiminer_fr.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0018367 _____ () C:\Program Files\Win Drive\guiminer_hu.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0019379 _____ () C:\Program Files\Win Drive\guiminer_it.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0018161 _____ () C:\Program Files\Win Drive\guiminer_nl.po
2014-01-26 20:33 - 2012-12-04 00:36 - 0018561 _____ () C:\Program Files\Win Drive\guiminer_pt.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0022058 _____ () C:\Program Files\Win Drive\guiminer_ru.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0018473 _____ () C:\Program Files\Win Drive\guiminer_zh.po
2014-01-26 20:33 - 2012-12-04 00:40 - 2558451 _____ () C:\Program Files\Win Drive\library.zip
2014-01-26 20:33 - 2012-11-18 17:32 - 0035821 _____ () C:\Program Files\Win Drive\LICENSE.txt
2014-01-26 20:33 - 2012-11-18 17:32 - 0099678 _____ () C:\Program Files\Win Drive\logo.ico
2014-01-26 20:33 - 2009-07-14 03:15 - 0064000 _____ (Microsoft Corporation) C:\Program Files\Win Drive\MPR.dll
2014-01-26 20:33 - 2010-04-30 14:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files\Win Drive\msvcp90.dll
2014-01-26 20:33 - 2013-08-11 16:41 - 0044032 _____ (NirSoft) C:\Program Files\Win Drive\nircmd.exe
2014-01-26 20:33 - 2012-09-20 04:41 - 2222455 _____ () C:\Program Files\Win Drive\numpy.core._dotblas.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 1311275 _____ () C:\Program Files\Win Drive\numpy.core.multiarray.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 0174793 _____ () C:\Program Files\Win Drive\numpy.core.scalarmath.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 0410432 _____ () C:\Program Files\Win Drive\numpy.core.umath.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 0046383 _____ () C:\Program Files\Win Drive\numpy.fft.fftpack_lite.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 0041019 _____ () C:\Program Files\Win Drive\numpy.lib._compiled_base.pyd
2014-01-26 20:33 - 2012-09-20 04:42 - 2382083 _____ () C:\Program Files\Win Drive\numpy.linalg.lapack_lite.pyd
2014-01-26 20:33 - 2012-09-20 04:42 - 0515437 _____ () C:\Program Files\Win Drive\numpy.random.mtrand.pyd
2014-01-26 20:33 - 2012-11-18 17:32 - 0009649 _____ () C:\Program Files\Win Drive\phatk.cl
2014-01-26 20:33 - 2012-12-04 00:40 - 0019968 _____ () C:\Program Files\Win Drive\po_to_mo.exe
2014-01-26 20:33 - 2012-12-04 00:40 - 0024064 _____ () C:\Program Files\Win Drive\poclbm.exe
2014-01-26 20:33 - 2012-06-19 18:01 - 0577536 _____ () C:\Program Files\Win Drive\pyopencl._cl.pyd
2014-01-26 20:33 - 2012-06-19 18:01 - 0023552 _____ () C:\Program Files\Win Drive\pyopencl._pvt_struct.pyd
2014-01-26 20:33 - 2012-04-11 04:31 - 2303488 _____ (Python Software Foundation) C:\Program Files\Win Drive\python27.dll
2014-01-26 20:33 - 2012-10-27 16:22 - 0364544 _____ () C:\Program Files\Win Drive\pythoncom27.dll
2014-01-26 20:33 - 2012-10-27 16:20 - 0110080 _____ () C:\Program Files\Win Drive\pywintypes27.dll
2014-01-26 20:33 - 2012-11-19 02:38 - 0006919 _____ () C:\Program Files\Win Drive\README.txt
2014-01-26 20:33 - 2012-04-11 04:31 - 0009728 _____ () C:\Program Files\Win Drive\select.pyd
2014-01-26 20:33 - 2012-11-18 17:32 - 0009495 _____ () C:\Program Files\Win Drive\servers.ini
2014-01-26 20:33 - 2013-12-04 18:41 - 0000254 _____ () C:\Program Files\Win Drive\START.bat
2014-01-26 20:33 - 2012-10-27 16:21 - 0098816 _____ () C:\Program Files\Win Drive\win32api.pyd
2014-01-26 20:33 - 2012-10-27 16:20 - 0025600 _____ () C:\Program Files\Win Drive\win32pdh.pyd
2014-01-26 20:33 - 2012-10-27 16:20 - 0024064 _____ () C:\Program Files\Win Drive\win32pipe.pyd
2014-01-26 20:33 - 2012-10-27 16:20 - 0035840 _____ () C:\Program Files\Win Drive\win32process.pyd
2014-01-26 20:33 - 2012-10-27 16:26 - 0778752 _____ () C:\Program Files\Win Drive\win32ui.pyd
2014-01-26 20:33 - 2012-10-27 16:20 - 0025088 _____ () C:\Program Files\Win Drive\win32wnet.pyd
2014-01-26 20:33 - 2011-07-16 03:38 - 0966144 _____ () C:\Program Files\Win Drive\wx._controls_.pyd
2014-01-26 20:33 - 2011-07-16 03:37 - 0981504 _____ () C:\Program Files\Win Drive\wx._core_.pyd
2014-01-26 20:33 - 2011-07-16 03:38 - 0746496 _____ () C:\Program Files\Win Drive\wx._gdi_.pyd
2014-01-26 20:33 - 2011-07-16 03:38 - 0674816 _____ () C:\Program Files\Win Drive\wx._misc_.pyd
2014-01-26 20:33 - 2011-07-16 03:38 - 0670720 _____ () C:\Program Files\Win Drive\wx._windows_.pyd
2014-01-26 20:33 - 2011-07-16 03:33 - 0122368 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxbase28uh_net_vc.dll
2014-01-26 20:33 - 2011-07-16 03:33 - 1300992 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxbase28uh_vc.dll
2014-01-26 20:33 - 2011-07-16 03:34 - 0730112 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxmsw28uh_adv_vc.dll
2014-01-26 20:33 - 2011-07-16 03:34 - 3165184 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxmsw28uh_core_vc.dll
2014-01-26 20:33 - 2011-07-16 03:34 - 0479744 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxmsw28uh_html_vc.dll
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\de
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\de\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0010798 _____ () C:\Program Files\Win Drive\locale\de\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\eo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\eo\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0012724 _____ () C:\Program Files\Win Drive\locale\eo\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\es
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\es\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0011452 _____ () C:\Program Files\Win Drive\locale\es\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\fr
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\fr\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0011378 _____ () C:\Program Files\Win Drive\locale\fr\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\hu
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\hu\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0011258 _____ () C:\Program Files\Win Drive\locale\hu\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\it
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\it\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0012532 _____ () C:\Program Files\Win Drive\locale\it\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\pt
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\pt\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0013477 _____ () C:\Program Files\Win Drive\locale\pt\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\ru
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\ru\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0015562 _____ () C:\Program Files\Win Drive\locale\ru\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\zh
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\zh\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0012751 _____ () C:\Program Files\Win Drive\locale\zh\LC_MESSAGES\guiminer.mo
====== End of Folder: ======
========================= File: C:\Windows\temp023423.vbe ========================
MD5: 908D414D24F32E9FC63327B4708AFC36
Creation and modification date: 2015-01-09 15:21 - 2015-04-20 20:39
Size: 0061653
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:
====== End Of File: ======
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\rUpdater2 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDriverScan => value deleted successfully.
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully.
"AppInit_DLLs: => File Not Found" => Value Data not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41F6F0C2-69FA-4497-A62C-5C36A846E8CE}" => Key deleted successfully.
HKCR\CLSID\{41F6F0C2-69FA-4497-A62C-5C36A846E8CE} => Key not found.
"HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47FA3079-0A1B-42DC-A488-8787B6E563D8}" => Key deleted successfully.
HKCR\CLSID\{47FA3079-0A1B-42DC-A488-8787B6E563D8} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D594333-0076-A76A-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.138.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
D:\Hry\Trials Evolution\datapack\orbit\npuplaypc.dll not found.
C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll not found.
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Users\Vašek\AppData\Roaming\TorrentStream\player\npts_plugin.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
D:\Hry\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.
catchme => Service deleted successfully.
nmwcd => Service deleted successfully.
nmwcdcx64 => Service deleted successfully.
nmwcdx64 => Service deleted successfully.
pccsmcfd => Service deleted successfully.
upperdev => Service deleted successfully.
UsbserFilt => Service deleted successfully.
C:\Users\Vašek\Desktop\FRSTLauncher.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Vašek\Desktop\adwcleaner_4.204.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\Vašek\Downloads\RSITx64.exe => Moved successfully.
C:\Users\Vašek\Downloads\amrtomp3_setup.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Windows\temp023423.vbe => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job => Moved successfully.
C:\ProgramData\Temp => ":6DDED7D9" ADS removed successfully.
C:\ProgramData\Temp => ":76650B61" ADS removed successfully.
C:\ProgramData\Temp => ":C76EDAC3" ADS removed successfully.
C:\Users\Marek\AppData\Local\temp => ":KqN6mk4cjL4L4aRGiYsV" ADS removed successfully.
"C:\Users\Marek\AppData\Local\Temporary Internet Files" => ":ijisQ2zflRxkv9EHwlVHqr8LNR" ADS not found.
C:\Users\Vašek\AppData\Local\Temp => ":KqN6mk4cjL4L4aRGiYsV" ADS removed successfully.
"C:\Users\Vašek\AppData\Local\Temporary Internet Files" => ":ijisQ2zflRxkv9EHwlVHqr8LNR" ADS not found.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon => Key Deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon => Key Deleted successfully.
========= dir "C:\Windows\System32\Tasks" =========
Svazek v jednotce C je Acer.
S�riov� ��slo svazku je 64F5-A598.
V�pis adres��e C:\Windows\System32\Tasks
20.05.2015 00:40 <DIR> .
20.05.2015 00:40 <DIR> ..
23.12.2014 16:52 3�886 Adobe Acrobat Update Task
15.04.2015 07:56 3�768 Adobe Flash Player Updater
16.01.2013 13:23 3�508 AdobeAAMUpdater-1.0-MARAMERRY-FIFA 13
25.09.2012 02:06 3�502 AdobeAAMUpdater-1.0-Marek-PC-Va�ek
09.08.2014 13:27 2�772 CCleanerSkipUAC
08.03.2012 09:06 3�200 DeviceDetector
08.03.2012 08:54 3�340 EgisUpdate
17.11.2014 19:33 3�536 GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core
17.11.2014 19:33 3�932 GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA
19.02.2015 21:52 3�270 iDisplayStartup
08.03.2012 08:33 <DIR> Microsoft
23.04.2013 13:45 <DIR> NCH Software
20.09.2012 18:06 <DIR> OfficeSoftwareProtectionPlatform
20.04.2015 20:40 3�090 Origin
08.03.2012 08:54 3�272 PMMUpdate
08.03.2012 08:29 3�986 UALU notificatin
19.05.2015 22:04 3�954 User_Feed_Synchronization-{11996B44-D394-43CD-ABB9-DBF05E591E20}
12.12.2013 18:00 <DIR> WPD
19.01.2013 18:31 3�294 {26A82DCA-CB73-45EF-ABA9-84103BBCBE5C}
03.07.2014 22:36 3�126 {63DD9998-9D10-42C5-9BF3-CEC07EC9F60A}
24.03.2013 23:39 3�042 {B7504F28-BE5E-4840-9F2D-0EB7F1706BF4}
02.07.2014 10:38 3�126 {B759C828-3D3D-4298-9475-E1CD5A3F449E}
26.05.2014 11:13 3�126 {F54BCD02-87F5-4B8C-810C-46F4004A9B99}
Soubor�: 19, Bajt�: 64�730
Adres���: 6, Voln�ch bajt�: 20�090�494�976
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 26.2 GB temporary data.
The system needed a reboot.
==== End of Fixlog 14:17:12 ====
Ran by Vašek at 2015-05-20 14:12:53 Run:1
Running from C:\Users\Vašek\Desktop
Loaded Profiles: Vašek (Available profiles: Vašek & gta)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
Folder: C:\Windows\rUpdater
Folder: C:\Program Files\rUpdater
Folder: C:\Program Files\Win Drive
File: C:\Windows\temp023423.vbe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM\...\Run: [rUpdater2] => C:\Program Files\rUpdater\rUpdater_agent.exe [2410496 2015-04-25] (Some Company)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [WindowsDriverScan] => C:\Program Files\Win Drive\Drive.lnk [1427 2013-12-04] ()
HKU\S-1-5-21-266349663-400684417-2290147511-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: => File Not Found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.phpnuke.org/?lang=en&cid=457c4dfc
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {41F6F0C2-69FA-4497-A62C-5C36A846E8CE} URL = http://search.phpnuke.org/?lang=en&cid= ... earchTerms}
SearchScopes: HKU\S-1-5-21-266349663-400684417-2290147511-1003 -> {47FA3079-0A1B-42DC-A488-8787B6E563D8} URL =
BHO: No Name -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-266349663-400684417-2290147511-1003: ubisoft.com/uplaypc -> D:\Hry\Trials Evolution\datapack\orbit\npuplaypc.dll No File
CHR Plugin: (Native Client) - C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Torrent Stream P2P Multimedia Plug-in 2) - C:\Users\Vašek\AppData\Roaming\TorrentStream\player\npts_plugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Uplay PC) - D:\Hry\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Skype Click to Call) - C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 nmwcd; system32\drivers\ccdcmbx64.sys [X]
S3 nmwcdcx64; system32\drivers\ccdcmbox64.sys [X]
S3 nmwcdx64; system32\drivers\ccdcmbx64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerfltx64.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltx64j.sys [X]
2015-05-20 07:19 - 2015-05-20 07:19 - 00112640 _____ (forum.viry.cz) C:\Users\Vašek\Desktop\FRSTLauncher.exe
2015-05-20 00:34 - 2015-05-20 00:40 - 00000000 ____D () C:\AdwCleaner
2015-05-19 23:48 - 2015-05-19 23:48 - 02209792 _____ () C:\Users\Vašek\Desktop\adwcleaner_4.204.exe
2015-05-19 23:36 - 2015-05-19 23:37 - 00000000 ____D () C:\rsit
2015-05-19 23:36 - 2015-05-19 23:36 - 01222144 _____ () C:\Users\Vašek\Downloads\RSITx64.exe
2015-05-02 10:18 - 2015-05-02 10:18 - 02946656 _____ ( ) C:\Users\Vašek\Downloads\amrtomp3_setup.exe
2015-05-19 23:36 - 2013-05-14 11:21 - 00000000 ____D () C:\Program Files\trend micro
2015-04-20 20:39 - 2015-01-09 15:21 - 00061653 _____ () C:\Windows\temp023423.vbe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job => C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:6DDED7D9
AlternateDataStreams: C:\ProgramData\Temp:76650B61
AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3
AlternateDataStreams: C:\Users\Marek\AppData\Local\temp:KqN6mk4cjL4L4aRGiYsV
AlternateDataStreams: C:\Users\Marek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR
AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temp:KqN6mk4cjL4L4aRGiYsV
AlternateDataStreams: C:\Users\Vašek\AppData\Local\Temporary Internet Files:ijisQ2zflRxkv9EHwlVHqr8LNR
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
CMD: dir "C:\Windows\System32\Tasks"
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
========================= Folder: C:\Windows\rUpdater ========================
====== End of Folder: ======
========================= Folder: C:\Program Files\rUpdater ========================
2015-04-25 17:11 - 2015-04-25 17:11 - 0080896 _____ () C:\Program Files\rUpdater\rupd_dll.dll
2015-04-25 17:12 - 2015-04-25 17:12 - 2410496 _____ (Some Company) C:\Program Files\rUpdater\rUpdater_agent.exe
2015-04-25 17:12 - 2015-04-25 17:12 - 0098304 _____ () C:\Program Files\rUpdater\rUpdater_srv.exe
====== End of Folder: ======
========================= Folder: C:\Program Files\Win Drive ========================
2014-01-26 20:33 - 2012-04-11 04:31 - 0074240 _____ () C:\Program Files\Win Drive\_ctypes.pyd
2014-01-26 20:33 - 2012-04-11 04:31 - 0285184 _____ () C:\Program Files\Win Drive\_hashlib.pyd
2014-01-26 20:33 - 2012-04-11 04:31 - 0040960 _____ () C:\Program Files\Win Drive\_socket.pyd
2014-01-26 20:33 - 2012-10-27 16:21 - 0008192 _____ () C:\Program Files\Win Drive\_win32sysloader.pyd
2014-01-26 20:33 - 2012-08-18 13:09 - 0004096 _____ (Microsoft Corporation) C:\Program Files\Win Drive\API-MS-Win-Core-LocalRegistry-L1-1-0.dll
2014-01-26 20:33 - 2012-06-15 14:20 - 0219648 _____ () C:\Program Files\Win Drive\boost_python-vc90-mt-1_48.dll
2014-01-26 20:33 - 2013-12-03 20:52 - 0210760 _____ () C:\Program Files\Win Drive\daa46b277f76001f9104e6627449767f.elf
2014-01-26 20:33 - 2012-11-18 17:32 - 0000103 _____ () C:\Program Files\Win Drive\defaults.ini
2014-01-26 20:33 - 2013-12-04 18:31 - 0001427 _____ () C:\Program Files\Win Drive\Drive.lnk
2014-01-26 20:33 - 2012-12-04 00:40 - 0212992 _____ () C:\Program Files\Win Drive\guiminer.exe
2014-01-26 20:33 - 2012-11-18 17:32 - 0017214 _____ () C:\Program Files\Win Drive\guiminer_de.po
2014-01-26 20:33 - 2012-11-19 02:41 - 0017955 _____ () C:\Program Files\Win Drive\guiminer_eo.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0017588 _____ () C:\Program Files\Win Drive\guiminer_es.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0018643 _____ () C:\Program Files\Win Drive\guiminer_fr.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0018367 _____ () C:\Program Files\Win Drive\guiminer_hu.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0019379 _____ () C:\Program Files\Win Drive\guiminer_it.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0018161 _____ () C:\Program Files\Win Drive\guiminer_nl.po
2014-01-26 20:33 - 2012-12-04 00:36 - 0018561 _____ () C:\Program Files\Win Drive\guiminer_pt.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0022058 _____ () C:\Program Files\Win Drive\guiminer_ru.po
2014-01-26 20:33 - 2012-11-18 17:32 - 0018473 _____ () C:\Program Files\Win Drive\guiminer_zh.po
2014-01-26 20:33 - 2012-12-04 00:40 - 2558451 _____ () C:\Program Files\Win Drive\library.zip
2014-01-26 20:33 - 2012-11-18 17:32 - 0035821 _____ () C:\Program Files\Win Drive\LICENSE.txt
2014-01-26 20:33 - 2012-11-18 17:32 - 0099678 _____ () C:\Program Files\Win Drive\logo.ico
2014-01-26 20:33 - 2009-07-14 03:15 - 0064000 _____ (Microsoft Corporation) C:\Program Files\Win Drive\MPR.dll
2014-01-26 20:33 - 2010-04-30 14:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files\Win Drive\msvcp90.dll
2014-01-26 20:33 - 2013-08-11 16:41 - 0044032 _____ (NirSoft) C:\Program Files\Win Drive\nircmd.exe
2014-01-26 20:33 - 2012-09-20 04:41 - 2222455 _____ () C:\Program Files\Win Drive\numpy.core._dotblas.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 1311275 _____ () C:\Program Files\Win Drive\numpy.core.multiarray.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 0174793 _____ () C:\Program Files\Win Drive\numpy.core.scalarmath.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 0410432 _____ () C:\Program Files\Win Drive\numpy.core.umath.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 0046383 _____ () C:\Program Files\Win Drive\numpy.fft.fftpack_lite.pyd
2014-01-26 20:33 - 2012-09-20 04:41 - 0041019 _____ () C:\Program Files\Win Drive\numpy.lib._compiled_base.pyd
2014-01-26 20:33 - 2012-09-20 04:42 - 2382083 _____ () C:\Program Files\Win Drive\numpy.linalg.lapack_lite.pyd
2014-01-26 20:33 - 2012-09-20 04:42 - 0515437 _____ () C:\Program Files\Win Drive\numpy.random.mtrand.pyd
2014-01-26 20:33 - 2012-11-18 17:32 - 0009649 _____ () C:\Program Files\Win Drive\phatk.cl
2014-01-26 20:33 - 2012-12-04 00:40 - 0019968 _____ () C:\Program Files\Win Drive\po_to_mo.exe
2014-01-26 20:33 - 2012-12-04 00:40 - 0024064 _____ () C:\Program Files\Win Drive\poclbm.exe
2014-01-26 20:33 - 2012-06-19 18:01 - 0577536 _____ () C:\Program Files\Win Drive\pyopencl._cl.pyd
2014-01-26 20:33 - 2012-06-19 18:01 - 0023552 _____ () C:\Program Files\Win Drive\pyopencl._pvt_struct.pyd
2014-01-26 20:33 - 2012-04-11 04:31 - 2303488 _____ (Python Software Foundation) C:\Program Files\Win Drive\python27.dll
2014-01-26 20:33 - 2012-10-27 16:22 - 0364544 _____ () C:\Program Files\Win Drive\pythoncom27.dll
2014-01-26 20:33 - 2012-10-27 16:20 - 0110080 _____ () C:\Program Files\Win Drive\pywintypes27.dll
2014-01-26 20:33 - 2012-11-19 02:38 - 0006919 _____ () C:\Program Files\Win Drive\README.txt
2014-01-26 20:33 - 2012-04-11 04:31 - 0009728 _____ () C:\Program Files\Win Drive\select.pyd
2014-01-26 20:33 - 2012-11-18 17:32 - 0009495 _____ () C:\Program Files\Win Drive\servers.ini
2014-01-26 20:33 - 2013-12-04 18:41 - 0000254 _____ () C:\Program Files\Win Drive\START.bat
2014-01-26 20:33 - 2012-10-27 16:21 - 0098816 _____ () C:\Program Files\Win Drive\win32api.pyd
2014-01-26 20:33 - 2012-10-27 16:20 - 0025600 _____ () C:\Program Files\Win Drive\win32pdh.pyd
2014-01-26 20:33 - 2012-10-27 16:20 - 0024064 _____ () C:\Program Files\Win Drive\win32pipe.pyd
2014-01-26 20:33 - 2012-10-27 16:20 - 0035840 _____ () C:\Program Files\Win Drive\win32process.pyd
2014-01-26 20:33 - 2012-10-27 16:26 - 0778752 _____ () C:\Program Files\Win Drive\win32ui.pyd
2014-01-26 20:33 - 2012-10-27 16:20 - 0025088 _____ () C:\Program Files\Win Drive\win32wnet.pyd
2014-01-26 20:33 - 2011-07-16 03:38 - 0966144 _____ () C:\Program Files\Win Drive\wx._controls_.pyd
2014-01-26 20:33 - 2011-07-16 03:37 - 0981504 _____ () C:\Program Files\Win Drive\wx._core_.pyd
2014-01-26 20:33 - 2011-07-16 03:38 - 0746496 _____ () C:\Program Files\Win Drive\wx._gdi_.pyd
2014-01-26 20:33 - 2011-07-16 03:38 - 0674816 _____ () C:\Program Files\Win Drive\wx._misc_.pyd
2014-01-26 20:33 - 2011-07-16 03:38 - 0670720 _____ () C:\Program Files\Win Drive\wx._windows_.pyd
2014-01-26 20:33 - 2011-07-16 03:33 - 0122368 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxbase28uh_net_vc.dll
2014-01-26 20:33 - 2011-07-16 03:33 - 1300992 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxbase28uh_vc.dll
2014-01-26 20:33 - 2011-07-16 03:34 - 0730112 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxmsw28uh_adv_vc.dll
2014-01-26 20:33 - 2011-07-16 03:34 - 3165184 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxmsw28uh_core_vc.dll
2014-01-26 20:33 - 2011-07-16 03:34 - 0479744 _____ (wxWidgets development team) C:\Program Files\Win Drive\wxmsw28uh_html_vc.dll
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\de
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\de\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0010798 _____ () C:\Program Files\Win Drive\locale\de\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\eo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\eo\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0012724 _____ () C:\Program Files\Win Drive\locale\eo\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\es
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\es\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0011452 _____ () C:\Program Files\Win Drive\locale\es\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\fr
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\fr\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0011378 _____ () C:\Program Files\Win Drive\locale\fr\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\hu
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\hu\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0011258 _____ () C:\Program Files\Win Drive\locale\hu\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\it
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\it\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0012532 _____ () C:\Program Files\Win Drive\locale\it\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\pt
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\pt\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0013477 _____ () C:\Program Files\Win Drive\locale\pt\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\ru
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\ru\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0015562 _____ () C:\Program Files\Win Drive\locale\ru\LC_MESSAGES\guiminer.mo
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\zh
2014-01-26 20:33 - 2013-12-09 11:09 - 0000000 ____D () C:\Program Files\Win Drive\locale\zh\LC_MESSAGES
2014-01-26 20:33 - 2012-12-04 00:36 - 0012751 _____ () C:\Program Files\Win Drive\locale\zh\LC_MESSAGES\guiminer.mo
====== End of Folder: ======
========================= File: C:\Windows\temp023423.vbe ========================
MD5: 908D414D24F32E9FC63327B4708AFC36
Creation and modification date: 2015-01-09 15:21 - 2015-04-20 20:39
Size: 0061653
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:
====== End Of File: ======
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\rUpdater2 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsDriverScan => value deleted successfully.
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => value deleted successfully.
"AppInit_DLLs: => File Not Found" => Value Data not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41F6F0C2-69FA-4497-A62C-5C36A846E8CE}" => Key deleted successfully.
HKCR\CLSID\{41F6F0C2-69FA-4497-A62C-5C36A846E8CE} => Key not found.
"HKU\S-1-5-21-266349663-400684417-2290147511-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47FA3079-0A1B-42DC-A488-8787B6E563D8}" => Key deleted successfully.
HKCR\CLSID\{47FA3079-0A1B-42DC-A488-8787B6E563D8} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D594333-0076-A76A-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.138.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.3" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-266349663-400684417-2290147511-1003\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
D:\Hry\Trials Evolution\datapack\orbit\npuplaypc.dll not found.
C:\Users\Marek\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll not found.
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll not found.
C:\Users\Vašek\AppData\Roaming\TorrentStream\player\npts_plugin.dll not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll not found.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
D:\Hry\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll not found.
C:\Users\Vašek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => Key deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => Moved successfully.
catchme => Service deleted successfully.
nmwcd => Service deleted successfully.
nmwcdcx64 => Service deleted successfully.
nmwcdx64 => Service deleted successfully.
pccsmcfd => Service deleted successfully.
upperdev => Service deleted successfully.
UsbserFilt => Service deleted successfully.
C:\Users\Vašek\Desktop\FRSTLauncher.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Vašek\Desktop\adwcleaner_4.204.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\Vašek\Downloads\RSITx64.exe => Moved successfully.
C:\Users\Vašek\Downloads\amrtomp3_setup.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Windows\temp023423.vbe => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA.job => Moved successfully.
C:\ProgramData\Temp => ":6DDED7D9" ADS removed successfully.
C:\ProgramData\Temp => ":76650B61" ADS removed successfully.
C:\ProgramData\Temp => ":C76EDAC3" ADS removed successfully.
C:\Users\Marek\AppData\Local\temp => ":KqN6mk4cjL4L4aRGiYsV" ADS removed successfully.
"C:\Users\Marek\AppData\Local\Temporary Internet Files" => ":ijisQ2zflRxkv9EHwlVHqr8LNR" ADS not found.
C:\Users\Vašek\AppData\Local\Temp => ":KqN6mk4cjL4L4aRGiYsV" ADS removed successfully.
"C:\Users\Vašek\AppData\Local\Temporary Internet Files" => ":ijisQ2zflRxkv9EHwlVHqr8LNR" ADS not found.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon => Key Deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon => Key Deleted successfully.
========= dir "C:\Windows\System32\Tasks" =========
Svazek v jednotce C je Acer.
S�riov� ��slo svazku je 64F5-A598.
V�pis adres��e C:\Windows\System32\Tasks
20.05.2015 00:40 <DIR> .
20.05.2015 00:40 <DIR> ..
23.12.2014 16:52 3�886 Adobe Acrobat Update Task
15.04.2015 07:56 3�768 Adobe Flash Player Updater
16.01.2013 13:23 3�508 AdobeAAMUpdater-1.0-MARAMERRY-FIFA 13
25.09.2012 02:06 3�502 AdobeAAMUpdater-1.0-Marek-PC-Va�ek
09.08.2014 13:27 2�772 CCleanerSkipUAC
08.03.2012 09:06 3�200 DeviceDetector
08.03.2012 08:54 3�340 EgisUpdate
17.11.2014 19:33 3�536 GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000Core
17.11.2014 19:33 3�932 GoogleUpdateTaskUserS-1-5-21-266349663-400684417-2290147511-1000UA
19.02.2015 21:52 3�270 iDisplayStartup
08.03.2012 08:33 <DIR> Microsoft
23.04.2013 13:45 <DIR> NCH Software
20.09.2012 18:06 <DIR> OfficeSoftwareProtectionPlatform
20.04.2015 20:40 3�090 Origin
08.03.2012 08:54 3�272 PMMUpdate
08.03.2012 08:29 3�986 UALU notificatin
19.05.2015 22:04 3�954 User_Feed_Synchronization-{11996B44-D394-43CD-ABB9-DBF05E591E20}
12.12.2013 18:00 <DIR> WPD
19.01.2013 18:31 3�294 {26A82DCA-CB73-45EF-ABA9-84103BBCBE5C}
03.07.2014 22:36 3�126 {63DD9998-9D10-42C5-9BF3-CEC07EC9F60A}
24.03.2013 23:39 3�042 {B7504F28-BE5E-4840-9F2D-0EB7F1706BF4}
02.07.2014 10:38 3�126 {B759C828-3D3D-4298-9475-E1CD5A3F449E}
26.05.2014 11:13 3�126 {F54BCD02-87F5-4B8C-810C-46F4004A9B99}
Soubor�: 19, Bajt�: 64�730
Adres���: 6, Voln�ch bajt�: 20�090�494�976
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 26.2 GB temporary data.
The system needed a reboot.
==== End of Fixlog 14:17:12 ====
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Pozorujete zlepseni? Soubory - C:\FRST\Quarantine\C\Windows\temp023423.vbe.xBAD
- C:\FRST\Quarantine\C\Users\Vašek\Downloads\amrtomp3_setup.exe.xBAD
Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/
- Spuste dvojklikem a extrahujte na plochu
- kliknete na Next
- Aktualizujte virovou databazi klikem na Update a pokracujte na Next
- Vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 15 minut)
- zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
- kliknete na Cleanup a souhlaste s restartem - Yes
- obsah logu ulozene na plose v mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: svchost - 100% CPU usage (skrytý rootkit ?)
email jsem poslal i se screenem, mbar mi provede scan, najde bitcoin miner v svchost ale po dokonceni scanu se vypne, bez možnosti provést cleanup
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Za vzorky dekuji.
Kouknete do slozky, kam jste mbar extrahoval. Je tam log s nalezy?
Kouknete do slozky, kam jste mbar extrahoval. Je tam log s nalezy?
Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Ten tam je, jsou tam vidět i ty 2 nálezy
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17801
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8536031232, free: 5942509568
Downloaded database version: v2015.05.20.06
Downloaded database version: v2015.05.16.01
Downloaded database version: v2015.05.13.01
=======================================
Initializing...
------------ Kernel report ------------
05/21/2015 07:14:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\rsdrvx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\AVer330.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\a4sf1gy5.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\aksfridge.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wintrust.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
Scan started
Database versions:
main: v2015.05.20.06
rootkit: v2015.05.16.01
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800b703790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xfffffa800b6e8b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800b701060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa800b6e1060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800b700060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xfffffa800b6e2060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800b6f7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa800b6e2750
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800b6fe790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800b6ddb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007779790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800777c050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007775790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007778050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007663950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007778050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01558ba70, 0xfffffa8007775790, 0xfffffa8009a3e090
Lower DeviceData: 0xfffff8a019adb590, 0xfffffa8007778050, 0xfffffa8006a64370
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16323044
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 41943040
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 41945088 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 42149888 Numsec = 955150336
Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 997300224 Numsec = 956221440
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007665950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800777c050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a014286f10, 0xfffffa8007779790, 0xfffffa800a587090
Lower DeviceData: 0xfffff8a018e03560, 0xfffffa800777c050, 0xfffffa800a2b8090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE794183
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6ddb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2750, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fb500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2060, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b700b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e1060, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b702040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e8b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.BitcoinMiner]
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.BitcoinMiner]
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17801
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8536031232, free: 5327040512
=======================================
Initializing...
------------ Kernel report ------------
05/21/2015 07:43:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\rsdrvx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\AVer330.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\a4sf1gy5.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\aksfridge.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wintrust.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
Scan started
Database versions:
main: v2015.05.20.06
rootkit: v2015.05.16.01
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800b703790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xfffffa800b6e8b60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800719f090
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800b701060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa800b6e1060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8009ac9e40
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800b700060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xfffffa800b6e2060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800a184660
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800b6f7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa800b6e2750
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8009b2c1b0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800b6fe790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800b6ddb60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8006f6e2a0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007779790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800777c050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800a2b8090
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007775790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007778050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa8006a64370
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007663950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007778050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0140a3960, 0xfffffa8007775790, 0xfffffa8009a3e090
Lower DeviceData: 0xfffff8a0003070b0, 0xfffffa8007778050, 0xfffffa8006a64370
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16323044
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 41943040
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 41945088 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 42149888 Numsec = 955150336
Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 997300224 Numsec = 956221440
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007665950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800777c050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0182d69a0, 0xfffffa8007779790, 0xfffffa800a587090
Lower DeviceData: 0xfffff8a012f4dc00, 0xfffffa800777c050, 0xfffffa800a2b8090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE794183
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6ddb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2750, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fb500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2060, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b700b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e1060, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b702040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e8b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.BitcoinMiner]
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17801
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8536031232, free: 5777465344
=======================================
Initializing...
------------ Kernel report ------------
05/21/2015 08:17:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\rsdrvx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\AVer330.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\a4sf1gy5.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\aksfridge.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wintrust.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
Scan started
Database versions:
main: v2015.05.20.06
rootkit: v2015.05.16.01
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800b703790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xfffffa800b6e8b60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800719f090
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800b701060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa800b6e1060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8009ac9e40
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800b700060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xfffffa800b6e2060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800a184660
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800b6f7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa800b6e2750
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8009b2c1b0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800b6fe790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800b6ddb60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8006f6e2a0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007779790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800777c050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800a2b8090
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007775790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007778050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa8006a64370
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007663950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007778050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a011809a30, 0xfffffa8007775790, 0xfffffa8009a3e090
Lower DeviceData: 0xfffff8a01ceeee90, 0xfffffa8007778050, 0xfffffa8006a64370
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16323044
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 41943040
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 41945088 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 42149888 Numsec = 955150336
Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 997300224 Numsec = 956221440
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007665950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800777c050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a018d9b850, 0xfffffa8007779790, 0xfffffa800a587090
Lower DeviceData: 0xfffff8a015065800, 0xfffffa800777c050, 0xfffffa800a2b8090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE794183
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6ddb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2750, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fb500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2060, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b700b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e1060, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b702040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e8b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.BitcoinMiner]
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17801
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8536031232, free: 5942509568
Downloaded database version: v2015.05.20.06
Downloaded database version: v2015.05.16.01
Downloaded database version: v2015.05.13.01
=======================================
Initializing...
------------ Kernel report ------------
05/21/2015 07:14:19
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\rsdrvx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\AVer330.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\a4sf1gy5.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\aksfridge.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wintrust.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
Scan started
Database versions:
main: v2015.05.20.06
rootkit: v2015.05.16.01
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800b703790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xfffffa800b6e8b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800b701060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa800b6e1060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800b700060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xfffffa800b6e2060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800b6f7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa800b6e2750
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800b6fe790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800b6ddb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007779790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800777c050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007775790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007778050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007663950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007778050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01558ba70, 0xfffffa8007775790, 0xfffffa8009a3e090
Lower DeviceData: 0xfffff8a019adb590, 0xfffffa8007778050, 0xfffffa8006a64370
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16323044
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 41943040
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 41945088 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 42149888 Numsec = 955150336
Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 997300224 Numsec = 956221440
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007665950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800777c050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a014286f10, 0xfffffa8007779790, 0xfffffa800a587090
Lower DeviceData: 0xfffff8a018e03560, 0xfffffa800777c050, 0xfffffa800a2b8090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE794183
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6ddb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2750, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fb500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2060, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b700b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e1060, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b702040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e8b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.BitcoinMiner]
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.BitcoinMiner]
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17801
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8536031232, free: 5327040512
=======================================
Initializing...
------------ Kernel report ------------
05/21/2015 07:43:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\rsdrvx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\AVer330.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\a4sf1gy5.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\aksfridge.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wintrust.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
Scan started
Database versions:
main: v2015.05.20.06
rootkit: v2015.05.16.01
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800b703790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xfffffa800b6e8b60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800719f090
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800b701060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa800b6e1060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8009ac9e40
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800b700060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xfffffa800b6e2060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800a184660
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800b6f7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa800b6e2750
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8009b2c1b0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800b6fe790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800b6ddb60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8006f6e2a0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007779790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800777c050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800a2b8090
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007775790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007778050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa8006a64370
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007663950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007778050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0140a3960, 0xfffffa8007775790, 0xfffffa8009a3e090
Lower DeviceData: 0xfffff8a0003070b0, 0xfffffa8007778050, 0xfffffa8006a64370
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16323044
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 41943040
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 41945088 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 42149888 Numsec = 955150336
Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 997300224 Numsec = 956221440
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007665950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800777c050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0182d69a0, 0xfffffa8007779790, 0xfffffa800a587090
Lower DeviceData: 0xfffff8a012f4dc00, 0xfffffa800777c050, 0xfffffa800a2b8090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE794183
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6ddb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2750, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fb500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2060, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b700b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e1060, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b702040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e8b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.BitcoinMiner]
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17801
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8536031232, free: 5777465344
=======================================
Initializing...
------------ Kernel report ------------
05/21/2015 08:17:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\rsdrvx64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\AVer330.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\a4sf1gy5.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\aksfridge.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\shell32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\sechost.dll
\Windows\System32\kernel32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\wintrust.dll
\Windows\System32\userenv.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
Scan started
Database versions:
main: v2015.05.20.06
rootkit: v2015.05.16.01
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800b703790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xfffffa800b6e8b60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800719f090
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800b701060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xfffffa800b6e1060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8009ac9e40
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800b700060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000096\
Lower Device Object: 0xfffffa800b6e2060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800a184660
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800b6f7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000095\
Lower Device Object: 0xfffffa800b6e2750
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8009b2c1b0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800b6fe790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xfffffa800b6ddb60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8006f6e2a0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007779790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-3\
Lower Device Object: 0xfffffa800777c050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa800a2b8090
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007775790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007778050
Lower Device Driver Name: \Driver\iaStor\
Device already Exists: 0xfffffa8006a64370
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007775790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007663950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007778050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a011809a30, 0xfffffa8007775790, 0xfffffa8009a3e090
Lower DeviceData: 0xfffff8a01ceeee90, 0xfffffa8007778050, 0xfffffa8006a64370
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 16323044
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 41943040
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 41945088 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 42149888 Numsec = 955150336
Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 997300224 Numsec = 956221440
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800768bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007779790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007665950, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800777c050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a018d9b850, 0xfffffa8007779790, 0xfffffa800a587090
Lower DeviceData: 0xfffff8a015065800, 0xfffffa800777c050, 0xfffffa800a2b8090
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BE794183
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976751937
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6fe790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6ddb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b6f7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2750, DeviceName: \Device\00000095\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b6fb500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b700060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e2060, DeviceName: \Device\00000096\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b700b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b701060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e1060, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b702040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b703790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b6e8b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\Windows\Temp\svchost.exe --> [Trojan.BitcoinMiner]
Re: svchost - 100% CPU usage (skrytý rootkit ?)
Aplikaci rUpdater mate v PC schvalne? Postup kolegy Naughtyho:Po stazeni http://www.xuetr.com/download/PCHunter_free.zip
(rezervni odkaz http://www.epoolsoft.com/pchunter/PCHunter_free.zip ),
rozbaleni, spusteni spravne verze dle operacniho systemu 32b vs 64b, prejdi do zalozky Examination, v ni zaskrkej vsechny volby, dej generovat, po skonceni generovani klik na exportovat - textak do raru a vloz do prispevku (neb bude dlouhy a nevesel by se).
Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101Pokud je cokoliv nejasného, ihned se ptej.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
V případě spokojenosti prosím podpořte forum.
Pro dotazy, které se nehodí na forum, je možné využít altrokzavináčforum.viry.cz
Máš-li chuť pomáhat návštěvníkům tohoto fora, přihlas se do naší školičky.
Přispějete na provoz fóra?