Virus removal, PC speed-up, and remote assistance via the neslape.cz service

Preventive check

Don't have any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Gambac
Model visitor
Posts: 47
Registered: 29 Mar 2009 10:42

Preventive check

#1 Post by Gambac »

Hi, please check this for me. Over the last month the PC was used by several family members, and knowing their "I see it, I click it" habit, I'd rather attach a log from HJT.

Thanks in advance.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Gambac at 2015-06-29 17:30:19
Microsoft Windows 8.1
System drive C: has 143 GB (15%) free of 954 GB
Total RAM: 8120 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:30:20, on 29. 6. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\trend micro\Gambac.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://localoem.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localoem.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer, Inc. - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem4.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8402 bytes

======Listing Processes======





wininit.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {019c750a-1638-45d6-b0f6fe5a87981d8f}
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
"C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
taskhostex.exe
C:\Windows\Explorer.EXE
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" 73581af5-9fd3-47be-bb5f-bc0d7b19f25d 0
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe 0x4
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Windows\system32\GWX\GWX.exe"
"C:\totalcmd\TOTALCMD.EXE"
taskhost.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 4"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="18312.0.170365081\1206974221" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,21,44,53 --gpu-vendor-id=0x10de --gpu-device-id=0x0fc6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.5286 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AutofillEnabled/Default/BackgroundRendererProcesses/AllowBelowNormalFromBrowser/BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/OmniboxBundledExperimentV1/Hivemind_A1_Stable_R7_Postperiod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_97/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=18312 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="18312.1.541484379\1576904604" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/*AutofillEnabled/Default/BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Hivemind_A1_Stable_R7_Postperiod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_97/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=18312 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="18312.3.1925054878\576516266" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/*AutofillEnabled/Default/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Hivemind_A1_Stable_R7_Postperiod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_97/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --font-cache-shared-mem-suffix=18312 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="18312.28.1634463532\1748430843" /prefetch:673131151

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/*AutofillEnabled/Default/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Hivemind_A1_Stable_R7_Postperiod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_97/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch 
--device-scale-factor=1 --font-cache-shared-mem-suffix=18312 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="18312.81.165753840\994744206" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/*AutofillEnabled/Default/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Hivemind_A1_Stable_R7_Postperiod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_97/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch 
--device-scale-factor=1 --font-cache-shared-mem-suffix=18312 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="18312.87.1369041264\959651755" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*AffiliationBasedMatching/Enabled/*AutofillEnabled/Default/*BackgroundRendererProcesses/AllowBelowNormalFromBrowser/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 pct:10a stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/*NewProfileManagement/Enabled/*OmniboxBundledExperimentV1/Hivemind_A1_Stable_R7_Postperiod/*PasswordGeneration/Disabled/PasswordLinkInSettings/Disabled/PermissionBubbleRollout/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/SessionRestoreBackgroundLoading/Restore/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_97/*UMA-Uniformity-Trial-10-Percent/group_08/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_04/*UMA-Uniformity-Trial-50-Percent/default/*UseDelayAgnosticAEC/DefaultEnabled/*VoiceTrigger/Install/*WebRTC-IPv6Default/Disabled/WebRTC-UDPSocketNonBlockingIO/Default/*Win32kLockdown/Enabled/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch 
--device-scale-factor=1 --font-cache-shared-mem-suffix=18312 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --use-image-texture-target=3553 --channel="18312.88.2113784868\1827689200" /prefetch:673131151
"C:\Users\Gambac\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Gambac\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-08 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-05-23 2754704]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2015-05-08 1570672]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-06-08 5123216]
"Razer Synapse"=C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [2014-11-03 585536]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-06-19 5515496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-07-05 439296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-06-29 17:26:38 ----D---- C:\Program Files\trend micro
2015-06-29 17:26:37 ----D---- C:\rsit
2015-06-27 19:28:40 ----SHD---- C:\Windows\System Volume Information
2015-06-26 19:59:52 ----A---- C:\Program Files (x86)\resume.20150626.195952.dat
2015-06-24 09:14:57 ----A---- C:\Program Files (x86)\resume.20150624.091457.dat
2015-06-22 16:50:12 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2015-06-22 12:23:25 ----A---- C:\Program Files (x86)\resume.20150622.122325.dat
2015-06-22 11:47:20 ----A---- C:\Program Files (x86)\resume.20150622.114720.dat
2015-06-22 09:48:15 ----A---- C:\Program Files (x86)\resume.20150622.094815.dat
2015-06-22 07:48:05 ----A---- C:\Program Files (x86)\resume.20150622.074805.dat
2015-06-21 11:25:14 ----A---- C:\Program Files (x86)\resume.20150621.112514.dat
2015-06-21 09:25:11 ----A---- C:\Program Files (x86)\resume.20150621.092511.dat
2015-06-21 09:22:49 ----A---- C:\Program Files (x86)\uninstall.exe
2015-06-19 11:05:25 ----A---- C:\Windows\system32\aswBoot.exe
2015-06-19 11:05:13 ----A---- C:\Windows\avastSS.scr
2015-06-10 15:03:30 ----D---- C:\Users\Gambac\AppData\Roaming\LolClient
2015-06-10 13:58:39 ----D---- C:\ProgramData\Riot Games
2015-06-10 13:58:01 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2015-06-10 13:58:01 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2015-06-10 13:58:01 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2015-06-10 13:57:13 ----D---- C:\Users\Gambac\AppData\Roaming\Riot Games
2015-06-10 08:23:38 ----A---- C:\Windows\SYSWOW64\msftedit.dll
2015-06-10 08:23:38 ----A---- C:\Windows\system32\msftedit.dll
2015-06-10 08:23:36 ----A---- C:\Windows\SYSWOW64\puiobj.dll
2015-06-10 08:23:36 ----A---- C:\Windows\system32\puiobj.dll
2015-06-10 08:23:36 ----A---- C:\Windows\system32\localspl.dll
2015-06-10 08:23:36 ----A---- C:\Windows\system32\compstui.dll
2015-06-10 08:23:33 ----A---- C:\Windows\SYSWOW64\rastapi.dll
2015-06-10 08:23:33 ----A---- C:\Windows\system32\rastapi.dll
2015-06-10 08:23:32 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2015-06-10 08:23:32 ----A---- C:\Windows\system32\mssrch.dll
2015-06-10 08:23:31 ----A---- C:\Windows\SYSWOW64\tquery.dll
2015-06-10 08:23:31 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2015-06-10 08:23:31 ----A---- C:\Windows\system32\tquery.dll
2015-06-10 08:23:31 ----A---- C:\Windows\system32\SearchIndexer.exe
2015-06-10 08:23:31 ----A---- C:\Windows\system32\mssph.dll
2015-06-10 08:23:30 ----A---- C:\Windows\SYSWOW64\mssph.dll
2015-06-10 08:23:30 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2015-06-10 08:23:30 ----A---- C:\Windows\system32\mssvp.dll
2015-06-10 08:23:29 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2015-06-10 08:23:29 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2015-06-10 08:23:29 ----A---- C:\Windows\system32\mssphtb.dll
2015-06-10 08:23:28 ----A---- C:\Windows\system32\UtcResources.dll
2015-06-10 08:23:28 ----A---- C:\Windows\system32\diagtrack.dll
2015-06-10 08:23:27 ----A---- C:\Windows\SYSWOW64\UIAutomationCore.dll
2015-06-10 08:23:27 ----A---- C:\Windows\system32\UIAutomationCore.dll
2015-06-10 08:23:26 ----AC---- C:\Windows\system32\drivers\USBXHCI.SYS
2015-06-10 08:23:25 ----A---- C:\Windows\SYSWOW64\authz.dll
2015-06-10 08:23:25 ----A---- C:\Windows\system32\authz.dll
2015-06-10 08:23:24 ----A---- C:\Windows\system32\comctl32.dll
2015-06-10 08:23:23 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2015-06-10 08:23:17 ----A---- C:\Windows\SYSWOW64\rgb9rast.dll
2015-06-10 08:23:14 ----A---- C:\Windows\system32\mshtml.dll
2015-06-10 08:23:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-06-10 08:23:11 ----A---- C:\Windows\system32\wininet.dll
2015-06-10 08:23:11 ----A---- C:\Windows\system32\jscript9.dll
2015-06-10 08:23:10 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-06-10 08:23:09 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-06-10 08:23:09 ----A---- C:\Windows\system32\ieframe.dll
2015-06-10 08:23:08 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-06-10 08:23:08 ----A---- C:\Windows\system32\iertutil.dll
2015-06-10 08:23:07 ----A---- C:\Windows\system32\urlmon.dll
2015-06-10 08:23:06 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-06-10 08:23:05 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-06-10 08:23:05 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-06-10 08:23:03 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-06-10 08:23:03 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-06-10 08:23:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-06-10 08:23:03 ----A---- C:\Windows\system32\vbscript.dll
2015-06-10 08:23:03 ----A---- C:\Windows\system32\msfeeds.dll
2015-06-10 08:23:03 ----A---- C:\Windows\system32\actxprxy.dll
2015-06-10 08:23:02 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-06-10 08:23:02 ----A---- C:\Windows\system32\jscript9diag.dll
2015-06-10 08:23:02 ----A---- C:\Windows\system32\jscript.dll
2015-06-10 08:23:02 ----A---- C:\Windows\system32\ieapfltr.dll
2015-06-10 08:23:01 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-06-10 08:22:57 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-06-10 08:22:57 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2015-06-10 08:22:57 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-06-10 08:22:57 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2015-06-10 08:22:57 ----A---- C:\Windows\system32\webcheck.dll
2015-06-10 08:22:57 ----A---- C:\Windows\system32\mshtmled.dll
2015-06-10 08:22:57 ----A---- C:\Windows\system32\inetcomm.dll
2015-06-10 08:22:57 ----A---- C:\Windows\system32\ieui.dll
2015-06-10 08:22:57 ----A---- C:\Windows\system32\iepeers.dll
2015-06-10 08:22:57 ----A---- C:\Windows\system32\iedkcs32.dll
2015-06-10 08:22:57 ----A---- C:\Windows\system32\dxtrans.dll
2015-06-10 08:22:56 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-06-10 08:22:50 ----A---- C:\Windows\system32\win32k.sys
2015-06-07 20:21:07 ----D---- C:\ProgramData\boost_interprocess
2015-06-07 20:21:04 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2015-06-07 20:21:03 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2015-06-05 08:46:17 ----A---- C:\Windows\system32\generaltel.dll
2015-06-05 08:46:17 ----A---- C:\Windows\system32\appraiser.dll
2015-06-05 08:46:17 ----A---- C:\Windows\system32\aepic.dll
2015-06-05 08:46:16 ----A---- C:\Windows\system32\invagent.dll
2015-06-05 08:46:16 ----A---- C:\Windows\system32\devinv.dll
2015-06-05 08:46:16 ----A---- C:\Windows\system32\aeinv.dll
2015-06-05 08:46:16 ----A---- C:\Windows\system32\acmigration.dll
2015-06-05 08:46:15 ----A---- C:\Windows\system32\aepdu.dll
2015-06-04 15:06:30 ----D---- C:\Users\Gambac\AppData\Roaming\A
2015-06-01 17:59:21 ----A---- C:\Windows\system32\aspnet_counters.dll
2015-06-01 17:59:18 ----A---- C:\Windows\SYSWOW64\aspnet_counters.dll

======List of files/folders modified in the last 1 month======

2015-06-29 17:26:45 ----D---- C:\Windows\Prefetch
2015-06-29 17:26:38 ----RD---- C:\Program Files
2015-06-29 17:00:00 ----D---- C:\Windows\system32\sru
2015-06-29 15:18:00 ----D---- C:\Windows\Temp
2015-06-29 12:03:31 ----D---- C:\Hry
2015-06-29 07:00:37 ----D---- C:\Windows\Microsoft.NET
2015-06-28 17:50:49 ----SHD---- C:\System Volume Information
2015-06-27 23:12:11 ----D---- C:\Program Files (x86)\Steam
2015-06-27 19:28:40 ----D---- C:\Windows
2015-06-27 19:27:43 ----SD---- C:\Users\Gambac\AppData\Roaming\Microsoft
2015-06-27 12:05:27 ----D---- C:\Windows\system32\config
2015-06-26 23:05:36 ----D---- C:\Windows\system32\drivers
2015-06-26 20:01:42 ----RD---- C:\Program Files (x86)
2015-06-26 10:41:41 ----D---- C:\Windows\SysWOW64
2015-06-26 10:41:40 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2015-06-26 09:34:06 ----D---- C:\Windows\WinSxS
2015-06-25 20:46:38 ----D---- C:\Mix
2015-06-25 20:31:21 ----D---- C:\ProgramData\NVIDIA
2015-06-25 08:24:01 ----D---- C:\Windows\CbsTemp
2015-06-24 09:19:35 ----SHD---- C:\Windows\Installer
2015-06-22 17:49:45 ----RD---- C:\Windows\System32
2015-06-21 23:04:22 ----D---- C:\Program Files (x86)\Battle.net
2015-06-21 12:20:33 ----RSD---- C:\Windows\assembly
2015-06-21 09:19:44 ----D---- C:\Users\Gambac\AppData\Roaming\BitComet
2015-06-21 08:47:24 ----D---- C:\ProgramData\Package Cache
2015-06-21 06:42:24 ----D---- C:\Windows\SYSWOW64\directx
2015-06-21 06:42:20 ----HD---- C:\Windows\msdownld.tmp
2015-06-20 05:02:45 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-06-19 11:06:59 ----D---- C:\Windows\Inf
2015-06-19 11:05:50 ----D---- C:\Windows\system32\DriverStore
2015-06-19 11:05:34 ----D---- C:\Windows\system32\Tasks
2015-06-15 21:27:12 ----D---- C:\Users\Gambac\AppData\Roaming\TS3Client
2015-06-14 09:33:54 ----D---- C:\Windows\rescache
2015-06-12 22:00:26 ----D---- C:\Windows\Logs
2015-06-10 22:26:51 ----RD---- C:\Windows\ToastData
2015-06-10 22:26:48 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-06-10 22:26:48 ----D---- C:\Windows\PolicyDefinitions
2015-06-10 22:26:48 ----D---- C:\Program Files\Internet Explorer
2015-06-10 22:26:48 ----D---- C:\Program Files (x86)\Internet Explorer
2015-06-10 22:26:47 ----D---- C:\Windows\system32\cs-CZ
2015-06-10 22:26:41 ----SD---- C:\Windows\system32\CompatTel
2015-06-10 22:26:41 ----D---- C:\Windows\system32\appraiser
2015-06-10 22:26:41 ----D---- C:\Windows\apppatch
2015-06-10 13:58:39 ----HD---- C:\ProgramData
2015-06-10 13:57:58 ----D---- C:\Windows\Tasks
2015-06-10 09:52:22 ----D---- C:\Windows\system32\MRT
2015-06-10 09:48:32 ----A---- C:\Windows\system32\MRT.exe
2015-06-10 08:21:47 ----D---- C:\Windows\system32\catroot2
2015-06-09 11:18:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-09 11:14:32 ----D---- C:\Users\Gambac\AppData\Roaming\vlc
2015-06-08 20:05:58 ----SD---- C:\ProgramData\Microsoft
2015-06-07 23:00:36 ----D---- C:\ProgramData\Origin
2015-06-07 20:34:33 ----D---- C:\ProgramData\NVIDIA Corporation
2015-06-07 09:04:19 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2015-06-07 09:02:43 ----D---- C:\Users\Gambac\AppData\Roaming\Origin
2015-06-07 09:01:14 ----D---- C:\Program Files (x86)\Origin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-06-19 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-06-19 272248]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-06-19 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-06-19 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-06-26 442264]
R1 dtsoftbus01;@oem21.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\Windows\System32\drivers\dtsoftbus01.sys [2014-03-14 283064]
R1 RzFilter;RzFilter; \??\C:\Windows\system32\drivers\RzFilter.sys [2014-04-18 74432]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-06-19 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-06-19 89944]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-06-19 137288]
R2 rzpmgrk;rzpmgrk; \??\C:\Windows\system32\drivers\rzpmgrk.sys [2014-11-01 37184]
R2 rzpnk;rzpnk; \??\C:\Windows\system32\drivers\rzpnk.sys [2014-10-23 129600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 ISCT;@oem1.inf,%ISCT.DeviceDesc%;Intel(R) Smart Connect Technology Device Driver; C:\Windows\System32\drivers\ISCTD64.sys [2013-02-13 46568]
R3 MEIx64;@oem8.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2013-03-12 64624]
R3 NVHDA;@oem58.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-05-13 195912]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2015-05-12 10972304]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-05-23 19600]
R3 nvvad_WaveExtensible;@oem63.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-04-03 38032]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-12-27 760032]
R3 RzDxgk;RzDxgk; \??\C:\Windows\system32\drivers\RzDxgk.sys [2014-04-18 129472]
R3 rzendpt;@oem94.inf,%rzendpt.SvcDesc%;rzendpt; C:\Windows\System32\drivers\rzendpt.sys [2014-09-05 39592]
R3 rzmpos;@oem97.inf,%rzmpos.SvcDesc%;rzmpos; C:\Windows\System32\drivers\rzmpos.sys [2014-09-05 35496]
R3 rzudd;@oem106.inf,%Razer.SvcDesc%;Razer Mouse Driver; C:\Windows\System32\drivers\rzudd.sys [2014-09-05 160424]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-07-05 8934976]
S3 IntcDAud;@oem2.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
S3 L1C;@oem5.inf,%L1c.Service.DispName%;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\l1c51x64.sys [2012-04-25 96368]
S3 NvStUSB;@oem11.inf,%NvStUSB.SvcDesc%;NVIDIA Stereoscopic 3D USB driver; C:\Windows\System32\drivers\nvstusb.sys [2013-06-23 450848]
S3 VIAHdAudAddService;@oem4.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2012-05-04 2196592]
S3 WDC_SAM;@oem37.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-04-30 23200]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\System32\drivers\WinUsb.sys [2013-08-22 78848]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-06-19 343336]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-05-08 1152656]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-05-23 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-05-23 23006864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-05-12 937288]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-10-30 76888]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2015-06-26 281688]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [2014-04-18 32960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-05-12 410768]
R2 VIAKaraokeService;@oem4.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service; C:\Windows\system32\viakaraokesrv.exe [2012-05-04 27760]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-13 116648]
S2 Razer Game Scanner Service;Razer Game Scanner; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-11-01 183488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-13 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-06-07 1997168]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-06-04 837312]

-----------------EOF-----------------

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check

#2 Post by altrok »

Hello :bye:

:arrow: As part of the cleanup, your temporary folders will be emptied (including the Recycle Bin).

:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not fit the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

Gambac
Model visitor
Posts: 47
Joined: 29 Mar 2009 10:42

Re: Preventive check

#3 Post by Gambac »

# AdwCleaner v4.207 - Log vytvořen 30/06/2015 v 07:14:24
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-06-29.1 [Server]
# Operační system : Windows 8.1 (x64)
# Uživatelské jméno : Gambac - GAMBO
# Spuštěno z : C:\Users\Gambac\Desktop\adwcleaner_4.207.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Klíč Smazáno : HKLM\SOFTWARE\Classes\SDP
Klíč Smazáno : HKLM\SOFTWARE\1350adc3-1d9e-4f60-a1fe-9c4d4804f005
Klíč Smazáno : HKU\.DEFAULT\Software\Goobzo
Data Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.130


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1221 bytů] - [30/06/2015 07:12:47]
AdwCleaner[S0].txt - [1140 bytů] - [30/06/2015 07:14:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1198 bytů] ##########

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check

#4 Post by altrok »

:arrow: Install MBAM and run a custom scan of all drives - http://forum.viry.cz/viewtopic.php?f=29&t=137928
  • Note: this scan takes from 30 minutes up to several hours

Gambac
Model visitor
Posts: 47
Joined: 29 Mar 2009 10:42

Re: Preventive check

#5 Post by Gambac »

Information

You are not authorized to read this forum

I mean MBAM.

Can I download it without worry from https://www.malwarebytes.org/ ?

Thanks.

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check

#6 Post by altrok »

I apologize, the guide was updated and the link to that topic changed. Thanks for pointing it out.
http://forum.viry.cz/viewtopic.php?f=29&t=144868

Gambac
Model visitor
Posts: 47
Joined: 29 Mar 2009 10:42

Re: Preventive check

#7 Post by Gambac »

No problem :) I have worked with Mbam before, I just wasn't sure whether there was some modified version directly on the forum.

Anyway, the scan is already running; once it is done, I will attach the log.

Thanks.

Gambac
Model visitor
Posts: 47
Joined: 29 Mar 2009 10:42

Re: Preventive check

#8 Post by Gambac »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 30. 6. 2015
Čas skenování: 9:54
Protokol: mbamtxt.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.06.30.01
Databáze rootkitů: v2015.06.26.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Gambac

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 824338
Uplynulý čas: 1 hod, 52 min, 17 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 10
PUP.Optional.SensePlus.A, HKLM\SOFTWARE\WOW6432NODE\SensePlus-nv, , [ba1f447c8efc4aec7c4319e920e4946c],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [5a7f14ac1476e254742eae4c54af32ce],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3EE61BA5-F2E6-41EC-B228-3F2339BA7D3C}, , [bc1d9e22fd8dbe782552454c58ad07f9],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4213E1F1-7D0C-4F2B-BFF5-AE1A5C2B1966}, , [ce0be9d72c5e3105f7820091f3129c64],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4637B3D1-7BFA-4545-8700-829A2CEF375E}, , [a534ebd57119fd39f088bad7dd28817f],
PUP.Optional.AppLid.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\App Lid, , [0fca4e72deacd95daf290b07e71d42be],
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [3e9b15abaedcd066f09d0b66947131cf],
PUP.Optional.SensePlus.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\SensePlus, , [1ebb60609deda591419e2ee1d430d030],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [dbfe348c5d2dfb3b38db246bad5855ab],
PUP.Optional.SensePlus.A, HKU\S-1-5-21-1363250933-3302703128-408898543-1004\SOFTWARE\SensePlus-nv, , [ce0bf9c75f2b6fc7b907e51d3fc5c739],

Hodnoty registru: 3
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3ee61ba5-f2e6-41ec-b228-3f2339ba7d3c}|AppName, SensePlus-bg.exe, , [bc1d9e22fd8dbe782552454c58ad07f9]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4213e1f1-7d0c-4f2b-bff5-ae1a5c2b1966}|AppName, SensePlus-codedownloader.exe, , [ce0be9d72c5e3105f7820091f3129c64]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4637b3d1-7bfa-4545-8700-829a2cef375e}|AppName, SensePlus-buttonutil.exe, , [a534ebd57119fd39f088bad7dd28817f]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 3
PUP.Optional.Amonetize, C:\Users\Gambac\AppData\Local\Temp\grand.theft.auto.v.2015.dlc.s.full.unlocked.retail__10924_i1497772817_il450259.exe, , [4a8f8b3556346dc9bc4263272bdb50b0],
RiskWare.Tool.CK, C:\Hry\Crysis\Bin64\rzr-crys.exe, , [ca0fa818d3b747efa1880a80e11f57a9],
Trojan.VirTool, C:\Hry\Resident Evil 6\steam_api.dll, , [a3367b45d0baf145332562c59e6503fd],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check

#9 Post by altrok »

:arrow: I'll leave the last 2 items up to you; delete the rest.

:arrow: Post the FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Gambac
Model visitor
Posts: 47
Joined: 29 Mar 2009 10:42

Re: Preventive check

#10 Post by Gambac »

I deleted the last two as well; I assume it was warez, since I haven't bought those games on Steam or Origin :arcisit:

Addition is in the attachment.

Thanks.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Gambac (administrator) on GAMBO on 30-06-2015 12:09:51
Running from C:\Users\Gambac\Desktop
Loaded Profiles: Gambac (Available Profiles: oem & Gambac)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Users\Gambac\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(C. Ghisler & Co.) C:\totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-08] (VIA)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-19] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-19] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1363250933-3302703128-408898543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://localoem.msn.com
HKU\S-1-5-21-1363250933-3302703128-408898543-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://localoem.msn.com
HKU\S-1-5-21-1363250933-3302703128-408898543-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.tsbohemia.cz
HKU\S-1-5-21-1363250933-3302703128-408898543-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.tsbohemia.cz
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1363250933-3302703128-408898543-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-12-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-12-08] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{6E56C6C5-F048-4787-9037-B506499320E9}: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-12-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-08] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Profile: C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (YouTube) - C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-12]
CHR Extension: (Adblock Plus) - C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-12]
CHR Extension: (Google Search) - C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-12]
CHR Extension: (AdBlock) - C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-12]
CHR Extension: (Google Wallet) - C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-12]
CHR Extension: (Gmail) - C:\Users\Gambac\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-19] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-08] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-07] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-30] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-11-01] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-19] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-19] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-19] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-19] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-19] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-14] (Disc Soft Ltd)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [8934976 2012-07-05] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S3 L1C; C:\Windows\system32\DRIVERS\l1c51x64.sys [96368 2012-04-25] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39592 2014-09-05] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [35496 2014-09-05] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-11-01] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 12:09 - 2015-06-30 12:10 - 00013177 _____ C:\Users\Gambac\Desktop\FRST.txt
2015-06-30 12:09 - 2015-06-30 12:09 - 02112512 _____ (Farbar) C:\Users\Gambac\Desktop\FRST64.exe
2015-06-30 12:09 - 2015-06-30 12:09 - 00000000 ____D C:\FRST
2015-06-30 11:47 - 2015-06-30 11:47 - 00003493 _____ C:\Users\Gambac\Desktop\mbamtxt.txt
2015-06-30 09:50 - 2015-06-30 09:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 09:50 - 2015-06-30 09:50 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 09:50 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-30 09:50 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-30 09:50 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-30 09:49 - 2015-06-30 09:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Gambac\Desktop\mbam-setup-2.1.8.1057.exe
2015-06-30 07:12 - 2015-06-30 07:14 - 00000000 ____D C:\AdwCleaner
2015-06-30 07:12 - 2015-06-30 07:12 - 02244096 _____ C:\Users\Gambac\Desktop\adwcleaner_4.207.exe
2015-06-30 06:18 - 2015-06-30 06:18 - 00000303 _____ C:\Users\Gambac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Domácí skupina.lnk
2015-06-29 17:26 - 2015-06-30 12:07 - 00000000 ____D C:\Program Files\trend micro
2015-06-29 17:26 - 2015-06-29 17:26 - 01222144 _____ C:\Users\Gambac\Desktop\RSITx64.exe
2015-06-29 17:26 - 2015-06-29 17:26 - 00000000 ____D C:\rsit
2015-06-29 12:03 - 2015-06-29 12:03 - 00000680 _____ C:\Users\Gambac\Desktop\Kholat.lnk
2015-06-29 12:03 - 2015-06-29 12:03 - 00000000 ____D C:\Users\Gambac\AppData\Local\Kholat
2015-06-29 12:03 - 2015-06-29 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kholat
2015-06-27 19:28 - 2015-06-27 19:28 - 00000951 _____ C:\Users\Gambac\Desktop\rust – zástupce.lnk
2015-06-26 20:54 - 2015-06-09 22:10 - 00000450 _____ C:\Users\Gambac\Desktop\Rust-Revolution.cz - SERVER LIST.txt
2015-06-26 20:11 - 2015-06-26 20:11 - 00000000 ___SH C:\Users\Gambac\AppData\Local\LumaEmu
2015-06-26 20:00 - 2015-06-26 19:59 - 00241523 ____N C:\Program Files (x86)\Rust Client Experimantal v1261 Db60 Cracked.torrent
2015-06-26 19:59 - 2015-06-24 09:17 - 00002637 _____ C:\Program Files (x86)\resume.20150626.195952.dat
2015-06-26 16:35 - 2015-06-26 16:35 - 00001189 _____ C:\Users\Gambac\Desktop\Watch_Dogs.lnk
2015-06-25 20:47 - 2015-06-25 20:47 - 00000893 _____ C:\Users\Gambac\Desktop\Videa – zástupce.lnk
2015-06-24 09:18 - 2015-06-24 09:18 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viscera Cleanup Detail Shadow Warrior.lnk
2015-06-24 09:18 - 2015-06-24 09:18 - 00000943 _____ C:\Users\Public\Desktop\Viscera Cleanup Detail Shadow Warrior.lnk
2015-06-24 09:15 - 2015-06-24 09:14 - 00041672 ____N C:\Program Files (x86)\Viscera.Cleanup.Detail.Shadow.Warrior-HI2U.torrent
2015-06-24 09:14 - 2015-06-22 12:35 - 00000058 _____ C:\Program Files (x86)\resume.20150624.091457.dat
2015-06-22 16:59 - 2015-06-22 16:59 - 00000222 _____ C:\Users\Gambac\Desktop\Dying Light.url
2015-06-22 16:50 - 2015-06-22 16:50 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-06-22 12:23 - 2015-06-22 11:58 - 00002146 _____ C:\Program Files (x86)\resume.20150622.122325.dat
2015-06-22 11:47 - 2015-06-22 11:47 - 00020341 ____N C:\Program Files (x86)\DyingLight-patch-1.6.0-DLC.exe.torrent
2015-06-22 11:47 - 2015-06-22 11:12 - 00036311 _____ C:\Program Files (x86)\resume.20150622.114720.dat
2015-06-22 11:24 - 2015-06-22 11:24 - 00000000 ____D C:\Users\Gambac\Documents\DyingLight
2015-06-22 09:48 - 2015-06-22 09:48 - 00036731 _____ C:\Program Files (x86)\resume.20150622.094815.dat
2015-06-22 07:48 - 2015-06-22 07:48 - 00058231 ____N C:\Program Files (x86)\Dying Light PC full game + DLC ^^nosTEAM^^.torrent
2015-06-22 07:48 - 2015-06-21 12:01 - 00018657 _____ C:\Program Files (x86)\resume.20150622.074805.dat
2015-06-21 12:22 - 2015-06-21 12:22 - 00001134 _____ C:\Users\Gambac\Desktop\EvilWithin.lnk
2015-06-21 12:02 - 2015-06-21 12:02 - 00000607 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Evil Within.lnk
2015-06-21 11:25 - 2015-06-21 11:25 - 00018251 _____ C:\Program Files (x86)\resume.20150621.112514.dat
2015-06-21 09:25 - 2015-06-21 09:24 - 00000058 _____ C:\Program Files (x86)\resume.20150621.092511.dat
2015-06-21 09:22 - 2015-06-21 09:22 - 00000903 _____ C:\Users\Gambac\Desktop\µTorrent.lnk
2015-06-21 09:22 - 2015-04-26 01:36 - 00000049 _____ C:\Program Files (x86)\utorrent.url
2015-06-21 09:22 - 2015-04-25 20:30 - 00294312 _____ (emc) C:\Program Files (x86)\uninstall.exe
2015-06-21 08:42 - 2015-06-21 08:42 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk
2015-06-21 08:42 - 2015-06-21 08:42 - 00000929 _____ C:\Users\Public\Desktop\Hatred.lnk
2015-06-21 08:28 - 2015-06-21 08:28 - 00000318 _____ C:\Users\Gambac\Desktop\SDÍLEJ.CZ Manager.appref-ms
2015-06-21 08:28 - 2015-06-21 08:28 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDÍLEJ.CZ
2015-06-21 06:57 - 2015-06-21 06:57 - 00000000 ____D C:\Users\Gambac\AppData\Local\Arktos Entertainment
2015-06-21 06:44 - 2015-06-21 06:44 - 00000000 ____D C:\Users\Gambac\Documents\Arktos
2015-06-21 06:44 - 2015-06-21 06:44 - 00000000 ____D C:\Users\Gambac\AppData\Local\Arktos
2015-06-20 21:04 - 2015-06-20 21:04 - 00000222 _____ C:\Users\Gambac\Desktop\Infestation Survivor Stories.url
2015-06-19 11:05 - 2015-06-19 11:05 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-19 11:05 - 2015-06-19 11:05 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-06-10 15:03 - 2015-06-10 15:03 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\LolClient
2015-06-10 13:58 - 2015-06-10 13:58 - 00000000 ____D C:\ProgramData\Riot Games
2015-06-10 13:58 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-06-10 13:58 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-06-10 13:58 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-06-10 13:57 - 2015-06-10 13:58 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\Riot Games
2015-06-10 13:57 - 2015-06-10 13:57 - 00001477 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-06-10 13:57 - 2015-06-10 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-06-10 08:23 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 08:23 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 08:23 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 08:23 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 08:23 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 08:23 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 08:23 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 08:23 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 08:23 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 08:23 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 08:23 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 08:23 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 08:23 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 08:23 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 08:23 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 08:23 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 08:23 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 08:23 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 08:23 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 08:23 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 08:23 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 08:23 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 08:23 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 08:23 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 08:23 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 08:23 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 08:23 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 08:23 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-10 08:23 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 08:23 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 08:23 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 08:23 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 08:23 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-10 08:23 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-10 08:23 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-10 08:23 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-10 08:23 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-10 08:23 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-10 08:23 - 2015-04-09 00:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-10 08:23 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-10 08:23 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-10 08:23 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-10 08:23 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-10 08:23 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-10 08:23 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-10 08:23 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-10 08:23 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-10 08:23 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-10 08:23 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-10 08:23 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 08:23 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-10 08:23 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-10 08:23 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-10 08:23 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-10 08:23 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-10 08:23 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-10 08:23 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-10 08:23 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-10 08:23 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-10 08:23 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-10 08:22 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 08:22 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-10 08:22 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-10 08:22 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 08:22 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-10 08:22 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 08:22 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 08:22 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-10 08:22 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 08:22 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-10 08:22 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-10 08:22 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 08:22 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-08 17:55 - 2015-06-08 17:55 - 00000219 _____ C:\Users\Gambac\Desktop\Team Fortress 2.url
2015-06-07 20:21 - 2015-06-07 20:21 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-07 20:21 - 2015-04-03 15:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-06-07 20:21 - 2015-04-03 15:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-06-05 08:46 - 2015-05-22 15:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 08:46 - 2015-05-21 15:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 08:46 - 2015-05-21 15:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 08:46 - 2015-05-21 15:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 08:46 - 2015-05-21 15:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 08:46 - 2015-05-21 15:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-05 08:46 - 2015-05-21 15:08 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 08:46 - 2015-04-17 00:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-04 15:06 - 2015-06-04 15:06 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\A
2015-06-04 15:05 - 2015-06-04 15:05 - 00000000 ____D C:\Users\Gambac\AppData\Local\A
2015-06-01 17:59 - 2014-04-16 01:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-06-01 17:59 - 2014-04-16 01:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-06-01 17:54 - 2015-06-01 17:54 - 00000000 ____D C:\Users\Gambac\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 12:09 - 2015-03-04 00:05 - 01372159 _____ C:\Windows\WindowsUpdate.log
2015-06-30 12:06 - 2015-02-07 14:07 - 00000968 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-30 12:05 - 2015-04-18 09:05 - 00052358 _____ C:\Windows\PFRO.log
2015-06-30 12:05 - 2015-03-09 13:43 - 00024160 _____ C:\Windows\setupact.log
2015-06-30 12:05 - 2014-02-03 23:08 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-30 12:05 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Camera
2015-06-30 12:05 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 12:04 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-30 12:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-30 11:18 - 2015-02-07 14:07 - 00000972 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 11:11 - 2014-03-17 17:50 - 02818560 ___SH C:\Users\Gambac\Desktop\Thumbs.db
2015-06-30 06:12 - 2014-03-13 20:46 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1363250933-3302703128-408898543-1004
2015-06-29 12:03 - 2014-03-13 20:56 - 00000000 ____D C:\Hry
2015-06-29 11:36 - 2015-03-15 17:11 - 00000000 ____D C:\Users\Gambac\AppData\Local\Deployment
2015-06-27 23:12 - 2014-03-13 21:40 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-27 23:01 - 2014-03-14 19:47 - 00000000 ____D C:\Users\Gambac\AppData\Local\Battle.net
2015-06-26 23:05 - 2014-12-08 22:04 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-26 20:01 - 2014-07-09 19:39 - 00010474 _____ C:\Program Files (x86)\resume.dat.old
2015-06-26 20:01 - 2014-07-09 19:39 - 00010466 _____ C:\Program Files (x86)\resume.dat
2015-06-26 20:01 - 2014-07-09 19:39 - 00006308 _____ C:\Program Files (x86)\settings.dat
2015-06-26 20:01 - 2014-07-09 19:39 - 00000711 _____ C:\Program Files (x86)\dht.dat
2015-06-26 20:01 - 2014-07-09 19:39 - 00000099 _____ C:\Program Files (x86)\rss.dat
2015-06-26 19:59 - 2014-07-09 19:39 - 00006286 _____ C:\Program Files (x86)\settings.dat.old
2015-06-26 10:41 - 2014-05-30 20:10 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-06-26 10:41 - 2014-05-25 14:42 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-06-26 08:06 - 2014-06-15 22:33 - 00000000 ____D C:\Users\Gambac\AppData\Local\Ubisoft Game Launcher
2015-06-26 08:06 - 2014-04-04 20:33 - 00000504 _____ C:\Users\Gambac\Desktop\hesla etc.txt
2015-06-25 20:54 - 2015-04-10 19:29 - 00000000 ____D C:\Users\Gambac\AppData\Local\Popcorn-Time
2015-06-25 20:46 - 2014-05-25 09:20 - 00000000 ____D C:\Mix
2015-06-25 20:38 - 2015-01-04 18:34 - 00001588 _____ C:\Users\Gambac\Desktop\Fahrenheit.lnk
2015-06-25 20:35 - 2014-05-08 23:53 - 00001804 _____ C:\Users\Gambac\Desktop\Outlast.lnk
2015-06-25 20:27 - 2014-09-20 16:21 - 00001077 _____ C:\Users\Gambac\Desktop\Dark Souls II.lnk
2015-06-25 08:36 - 2014-05-25 14:42 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-06-25 08:24 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-24 09:19 - 2015-03-15 18:43 - 00075650 _____ C:\Windows\DirectX.log
2015-06-24 09:17 - 2014-07-09 19:39 - 00004040 _____ C:\Program Files (x86)\dht.dat.old
2015-06-24 09:17 - 2014-07-09 19:39 - 00000099 _____ C:\Program Files (x86)\rss.dat.old
2015-06-21 23:04 - 2014-03-14 19:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-06-21 09:22 - 2014-03-17 10:55 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2015-06-21 09:19 - 2014-05-10 17:58 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\BitComet
2015-06-21 08:47 - 2015-01-04 15:59 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-21 06:42 - 2014-03-20 15:02 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-06-21 06:42 - 2014-03-20 15:02 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-06-20 23:28 - 2014-03-13 20:41 - 00000000 ____D C:\Users\Gambac
2015-06-20 05:02 - 2015-03-12 15:56 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2015-03-12 15:56 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 11:05 - 2014-12-08 22:04 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-19 11:05 - 2014-12-08 22:04 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-19 11:05 - 2014-12-08 22:04 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-06-19 11:05 - 2014-12-08 22:04 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-06-19 11:05 - 2014-12-08 22:04 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-19 11:05 - 2014-12-08 22:04 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-19 11:05 - 2014-12-08 22:04 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-06-19 11:05 - 2014-12-08 22:04 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-15 21:27 - 2014-03-13 22:53 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\TS3Client
2015-06-14 09:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-06-11 07:27 - 2013-08-22 16:44 - 00485352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 22:26 - 2015-04-17 22:14 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 22:26 - 2015-03-12 13:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 22:26 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-10 22:26 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 09:52 - 2014-03-19 18:48 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 09:48 - 2014-03-19 18:48 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 11:18 - 2013-11-01 17:01 - 01771710 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-09 11:18 - 2013-08-23 00:08 - 00746994 _____ C:\Windows\system32\perfh005.dat
2015-06-09 11:18 - 2013-08-23 00:08 - 00155994 _____ C:\Windows\system32\perfc005.dat
2015-06-09 11:14 - 2014-03-20 20:09 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\vlc
2015-06-07 23:00 - 2014-05-30 10:13 - 00000000 ____D C:\ProgramData\Origin
2015-06-07 20:34 - 2014-02-03 23:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-06-07 09:04 - 2014-05-30 20:09 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2015-06-07 09:02 - 2014-05-30 10:14 - 00000000 ____D C:\Users\Gambac\AppData\Roaming\Origin
2015-06-07 09:01 - 2014-05-30 10:13 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-06 22:21 - 2015-04-14 21:31 - 00000080 _____ C:\Users\Gambac\AppData\Local\Rockstar Games\GTA V\entitlement.info

==================== Files in the root of some directories =======

2014-07-09 19:39 - 2015-04-25 20:30 - 0006026 _____ () C:\Program Files (x86)\current.btskin
2014-07-09 19:39 - 2015-06-26 20:01 - 0000711 _____ () C:\Program Files (x86)\dht.dat
2014-07-09 19:39 - 2015-06-24 09:17 - 0004040 _____ () C:\Program Files (x86)\dht.dat.old
2015-06-22 07:48 - 2015-06-22 07:48 - 0058231 ____N () C:\Program Files (x86)\Dying Light PC full game + DLC ^^nosTEAM^^.torrent
2015-06-22 11:47 - 2015-06-22 11:47 - 0020341 ____N () C:\Program Files (x86)\DyingLight-patch-1.6.0-DLC.exe.torrent
2015-06-21 09:25 - 2015-06-21 09:24 - 0000058 _____ () C:\Program Files (x86)\resume.20150621.092511.dat
2015-06-21 11:25 - 2015-06-21 11:25 - 0018251 _____ () C:\Program Files (x86)\resume.20150621.112514.dat
2015-06-22 07:48 - 2015-06-21 12:01 - 0018657 _____ () C:\Program Files (x86)\resume.20150622.074805.dat
2015-06-22 09:48 - 2015-06-22 09:48 - 0036731 _____ () C:\Program Files (x86)\resume.20150622.094815.dat
2015-06-22 11:47 - 2015-06-22 11:12 - 0036311 _____ () C:\Program Files (x86)\resume.20150622.114720.dat
2015-06-22 12:23 - 2015-06-22 11:58 - 0002146 _____ () C:\Program Files (x86)\resume.20150622.122325.dat
2015-06-24 09:14 - 2015-06-22 12:35 - 0000058 _____ () C:\Program Files (x86)\resume.20150624.091457.dat
2015-06-26 19:59 - 2015-06-24 09:17 - 0002637 _____ () C:\Program Files (x86)\resume.20150626.195952.dat
2014-07-09 19:39 - 2015-06-26 20:01 - 0010466 _____ () C:\Program Files (x86)\resume.dat
2014-07-09 19:39 - 2015-06-26 20:01 - 0010474 _____ () C:\Program Files (x86)\resume.dat.old
2014-07-09 19:39 - 2015-06-26 20:01 - 0000099 _____ () C:\Program Files (x86)\rss.dat
2014-07-09 19:39 - 2015-06-24 09:17 - 0000099 _____ () C:\Program Files (x86)\rss.dat.old
2015-06-26 20:00 - 2015-06-26 19:59 - 0241523 ____N () C:\Program Files (x86)\Rust Client Experimantal v1261 Db60 Cracked.torrent
2014-07-09 19:39 - 2015-06-26 20:01 - 0006308 _____ () C:\Program Files (x86)\settings.dat
2014-07-09 19:39 - 2015-06-26 19:59 - 0006286 _____ () C:\Program Files (x86)\settings.dat.old
2014-07-09 19:39 - 2015-04-25 20:30 - 0027702 _____ () C:\Program Files (x86)\toolbar.bmp
2015-06-21 09:22 - 2015-04-25 20:30 - 0294312 _____ (emc) C:\Program Files (x86)\uninstall.exe
2014-07-09 19:39 - 2015-04-25 20:30 - 0189387 _____ () C:\Program Files (x86)\utorrent-221-25534.chm
2014-07-09 19:39 - 2015-02-22 21:30 - 0416168 _____ (BitTorrent, Inc.) C:\Program Files (x86)\utorrent.exe
2014-07-09 19:39 - 2015-04-25 20:30 - 0039237 _____ () C:\Program Files (x86)\utorrent.lng
2015-06-21 09:22 - 2015-04-26 01:36 - 0000049 _____ () C:\Program Files (x86)\utorrent.url
2015-06-24 09:15 - 2015-06-24 09:14 - 0041672 ____N () C:\Program Files (x86)\Viscera.Cleanup.Detail.Shadow.Warrior-HI2U.torrent
2014-07-09 19:39 - 2015-04-25 20:30 - 0184512 _____ () C:\Program Files (x86)\webui.zip
2014-07-24 11:26 - 2002-08-29 19:33 - 0319488 ____R () C:\Users\Gambac\AppData\Roaming\MafiaSetup.exe
2014-07-13 23:23 - 2014-07-13 23:23 - 0000094 _____ () C:\Users\Gambac\AppData\Local\fusioncache.dat
2015-06-26 20:11 - 2015-06-26 20:11 - 0000000 ___SH () C:\Users\Gambac\AppData\Local\LumaEmu

Some files in TEMP:
====================
C:\Users\Gambac\AppData\Local\Temp\Bass.dll
C:\Users\Gambac\AppData\Local\Temp\Bass.Net.dll
C:\Users\Gambac\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Gambac\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Gambac\AppData\Local\Temp\nvStInst.exe
C:\Users\Gambac\AppData\Local\Temp\Quarantine.exe
C:\Users\Gambac\AppData\Local\Temp\sqlite3.dll
C:\Users\Gambac\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-28 09:25

==================== End of log ============================
Attachments
Addition.zip
(14.51 KiB) Downloaded 52 times

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check

#11 Post by altrok »

:arrow: You assume correctly :)

:arrow: Uninstall the old and vulnerable version of Java, Java 7 Update 25. If you need Java, install the new one from java.com - watch out for adware during its installation http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . From a security standpoint (exploits) it is better not to have it.

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    File: C:\Program Files (x86)\uninstall.exe
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    2015-06-30 09:49 - 2015-06-30 09:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Gambac\Desktop\mbam-setup-2.1.8.1057.exe
    2015-06-30 07:12 - 2015-06-30 07:14 - 00000000 ____D C:\AdwCleaner
    2015-06-30 07:12 - 2015-06-30 07:12 - 02244096 _____ C:\Users\Gambac\Desktop\adwcleaner_4.207.exe
    2015-06-29 17:26 - 2015-06-30 12:07 - 00000000 ____D C:\Program Files\trend micro
    2015-06-29 17:26 - 2015-06-29 17:26 - 01222144 _____ C:\Users\Gambac\Desktop\RSITx64.exe
    2015-06-29 17:26 - 2015-06-29 17:26 - 00000000 ____D C:\rsit
    
    Task: {241E7B7B-A1EE-437E-90FD-3F63328DBDEF} - System32\Tasks\{C532A2DB-060A-4EF0-9F46-141567D21D07} => pcalua.exe -a C:\Hry\Mafia\Game.exe -d C:\Hry\Mafia\
    Task: {553397E8-5177-44E2-980D-E926C501A0EC} - System32\Tasks\Java Updater => C:\Users\Gambac\AppData\Roaming\nircmd.exe
    Task: {59FC6045-6003-4F22-9174-F2A9544661CB} - System32\Tasks\{E4C4F4B1-0793-4D82-9579-80738BBBF5BA} => pcalua.exe -a C:\Users\Gambac\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    EmptyTemp:
    End
    
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

Gambac
Exemplary visitor
Posts: 47
Joined: 29 Mar 2009 10:42

Re: Preventive check

#12 Post by Gambac »

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Gambac at 2015-06-30 14:39:26 Run:1
Running from C:\Users\Gambac\Desktop
Loaded Profiles: Gambac (Available Profiles: oem & Gambac)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
File: C:\Program Files (x86)\uninstall.exe
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-06-30 09:49 - 2015-06-30 09:49 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Gambac\Desktop\mbam-setup-2.1.8.1057.exe
2015-06-30 07:12 - 2015-06-30 07:14 - 00000000 ____D C:\AdwCleaner
2015-06-30 07:12 - 2015-06-30 07:12 - 02244096 _____ C:\Users\Gambac\Desktop\adwcleaner_4.207.exe
2015-06-29 17:26 - 2015-06-30 12:07 - 00000000 ____D C:\Program Files\trend micro
2015-06-29 17:26 - 2015-06-29 17:26 - 01222144 _____ C:\Users\Gambac\Desktop\RSITx64.exe
2015-06-29 17:26 - 2015-06-29 17:26 - 00000000 ____D C:\rsit

Task: {241E7B7B-A1EE-437E-90FD-3F63328DBDEF} - System32\Tasks\{C532A2DB-060A-4EF0-9F46-141567D21D07} => pcalua.exe -a C:\Hry\Mafia\Game.exe -d C:\Hry\Mafia\
Task: {553397E8-5177-44E2-980D-E926C501A0EC} - System32\Tasks\Java Updater => C:\Users\Gambac\AppData\Roaming\nircmd.exe
Task: {59FC6045-6003-4F22-9174-F2A9544661CB} - System32\Tasks\{E4C4F4B1-0793-4D82-9579-80738BBBF5BA} => pcalua.exe -a C:\Users\Gambac\AppData\Roaming\Seznam.cz\szninstall.exe -c -X
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
EmptyTemp:
End
*****************

Processes closed successfully.

========================= File: C:\Program Files (x86)\uninstall.exe ========================

MD5: B3EE434A89344CBA85B79B45F90C2685
Creation and modification date: 2015-06-21 09:22 - 2015-04-25 20:30
Size: 0294312
Attributes: ----A
Company Name: emc
Internal Name:
Original Name:
Product Name:
Description: µTorrent Uninstall & Backup
File Version: 2.2.1.25534
Product Version:
Copyright$creamod: © 2015 emc, uTorrent.CZ

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Gambac\Desktop\mbam-setup-2.1.8.1057.exe => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\Gambac\Desktop\adwcleaner_4.207.exe => moved successfully.
C:\Program Files\trend micro => moved successfully.
C:\Users\Gambac\Desktop\RSITx64.exe => moved successfully.
C:\rsit => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{241E7B7B-A1EE-437E-90FD-3F63328DBDEF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{241E7B7B-A1EE-437E-90FD-3F63328DBDEF}" => key removed successfully
C:\Windows\System32\Tasks\{C532A2DB-060A-4EF0-9F46-141567D21D07} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C532A2DB-060A-4EF0-9F46-141567D21D07}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{553397E8-5177-44E2-980D-E926C501A0EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{553397E8-5177-44E2-980D-E926C501A0EC}" => key removed successfully
C:\Windows\System32\Tasks\Java Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59FC6045-6003-4F22-9174-F2A9544661CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59FC6045-6003-4F22-9174-F2A9544661CB}" => key removed successfully
C:\Windows\System32\Tasks\{E4C4F4B1-0793-4D82-9579-80738BBBF5BA} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E4C4F4B1-0793-4D82-9579-80738BBBF5BA}" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
EmptyTemp: => 3.5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:39:54 ====
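
Added example (not part of the thread and not FRST's own code): a reviewer reading a fixlog like the one above can reconcile each `Task:` directive of the fixlist against the result lines. The three artifacts expected per task and the `C:\Windows` root are assumptions read off the pattern in this fixlog; the second task and its GUID are constructed.

```python
import re

# Constructed sample. The "Java Updater" lines are copied from this thread; the
# ExampleTask entry (placeholder GUID) is invented and lacks its Tree result.
FIXLIST = r"""Task: {553397E8-5177-44E2-980D-E926C501A0EC} - System32\Tasks\Java Updater => C:\Users\Gambac\AppData\Roaming\nircmd.exe
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleTask => C:\Example\example.exe"""

FIXLOG = r'''"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{553397E8-5177-44E2-980D-E926C501A0EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{553397E8-5177-44E2-980D-E926C501A0EC}" => key removed successfully
C:\Windows\System32\Tasks\Java Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Java Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-2222-3333-4444-555555555555}" => key removed successfully
C:\Windows\System32\Tasks\ExampleTask => moved successfully.'''

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (System32\\Tasks\\.+?) => ")
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+)$')
CACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"

def parse_results(fixlog):
    """Map each target (lower-cased) to True when its outcome ends in 'successfully'."""
    done = {}
    for line in fixlog.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            done[m.group(1).lower()] = m.group(2).rstrip(". ").endswith("successfully")
    return done

def expected_targets(guid, rel_path):
    """Artifacts assumed to back one task: Tasks key, Tree key, task file."""
    name = rel_path.split("\\", 2)[2]  # part after System32\Tasks\
    return [CACHE + "\\Tasks\\" + guid,
            CACHE + "\\Tree\\" + name,
            "C:\\Windows\\" + rel_path]  # assumes %SystemRoot% is C:\Windows

def reconcile(fixlist, fixlog):
    """Return {task GUID: [artifacts with no successful result line]}."""
    done = parse_results(fixlog)
    missing = {}
    for line in fixlist.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        gaps = [t for t in expected_targets(*m.groups()) if not done.get(t.lower())]
        if gaps:
            missing[m.group(1)] = gaps
    return missing

if __name__ == "__main__":
    for guid, gaps in reconcile(FIXLIST, FIXLOG).items():
        print(guid, "incomplete:", *gaps, sep="\n  ")
```

An empty result means every listed task left no Tasks key, Tree key or task file behind; anything reported is worth a second look before the thread is closed.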

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check

#13 Post by altrok »

So let's clean up as well.
And if there are no questions or other problems, that is all from me.

Gambac
Exemplary visitor
Posts: 47
Joined: 29 Mar 2009 10:42

Re: Preventive check

#14 Post by Gambac »

Done :)

Thanks for your time and, as always, hats off :mrgreen:

PS: One more question (then you can close the thread) - lately the Windows desktop takes longer to load; or rather, it loads in the same amount of time, but then it takes about a minute before the shortcuts appear. Could this be caused by the large number of shortcuts? About 100.

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive check

#15 Post by altrok »

I don't think it is caused by the number of shortcuts so much as by the overall size of the Desktop directory. If you have large files and folders on the desktop, move them to, for example, Documents and place only shortcuts on the desktop. Disk defragmentation could also help (unless you have an SSD).

I would be interested myself to know whether this helps you, so I will leave the topic open and would be glad if you got back to me within a few days to say whether defragmenting/reducing the size of the desktop helped.

For now, you're welcome :)

Locked