PC disinfection, computer speed-up, remote assistance via the neslape.cz service

Keylogger?

Having a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that remain inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Meggie
Guest
Posts: 19
Registered: 08 Jul 2015 08:25

Keylogger?

#1 Post by Meggie »

Hello,

I'm really asking for your help; about 3 days ago my PC started acting up. Terrible slowdown, pages take a long time to load, ads keep popping up on the current page or a new one opens with an ad. Everything has labels like: powered by key, ad by the adblock and the like. After a longer search on the net I found that it could be a Keylogger virus. Is that true? And how do I get rid of all of this? I have Avast on the PC, I ran a scan yesterday, it found something and moved it to the chest, but the problem continues anyway. I'd really appreciate a quick reply, I'm finishing my thesis this week and it's impossible to work with it like this.

Many thanks for any help,
Markéta :-)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by sweety (administrator) on PC on 08-07-2015 10:17:36
Running from C:\Users\sweety\Downloads
Loaded Profiles: sweety (Available Profiles: sweety & Administrator)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(PS Media s.r.o.) C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msoia.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\olicenseheartbeat.exe
() C:\Users\sweety\Downloads\RSIT.exe
(Trend Micro Inc.) C:\Program Files (x86)\trend micro\sweety.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PowerSkin] => c:\windows\temp\PowerSkin\PowerSkin.exe <===== ATTENTION
HKLM\...\Run: [DisableS3S4] => c:\windows\temp\DisableS3S464\sethigh.cmd <===== ATTENTION
HKLM\...\Run: [AuditSHD] => C:\windows\system32\oobe\auditshd.exe [30208 2014-10-29] (Microsoft Corporation)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-07] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [StartMenu] => C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe [3359872 2015-02-09] (PS Media s.r.o.)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [ShowDesktopAsRun] => C:\Users\sweety\AppData\Roaming\StartMenu\desktop.scf [81 2014-12-29] ()
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\Zrychleni Pocitace\PCSUNotifier.exe [354760 2015-06-29] (Optimal Software s.r.o.)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [61440 2015-06-20] ()
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\...\Run: [HCDNClient] => C:\IQIYI Video\Common\QyKernel.exe [576104 2015-05-12] (iQIYI.COM)
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-09-22]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-07] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... n.com&OSP=
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-07] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-07] (Avast Software s.r.o.)
BHO-x32: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: °®ĆćŇŐÖúĘÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll [2015-04-29] (爱奇艺)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8BB8FB53-2010-40A8-A652-6C3BAA166B04}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8BE840B6-453F-4810-BF03-1E0CC0F5AC41}: [DhcpNameServer] 40.52.1.201 40.52.1.203
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1 ... XXW0Q57LEX

FireFox:
========
FF ProfilePath: C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [2015-05-12] ()
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1033858388-2215584304-1103054407-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [2015-04-29] (爱奇艺公司)
FF Extension: shoppingassistookongcom - C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default\Extensions\shoppingassist@ookong.com [2015-07-06]
FF Extension: PriuceLessu - C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default\Extensions\xUqYmT1@seu.edu [2015-07-02]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default\extensions\searchffv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-07]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-07-06]

Chrome:
=======
CHR Profile: C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (gomekmidlodglbbmalcneegieacbdmki) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-06]
CHR Extension: (Google Wallet) - C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-07]

Opera:
=======
OPR Extension: (gomekmidlodglbbmalcneegieacbdmki) - C:\Users\sweety\AppData\Roaming\Opera Software\Opera Stable\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-07] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2139328 2014-05-27] (Comodo Security Solutions, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
S2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [X]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 Update Any Angle; "C:\Program Files (x86)\Any Angle\updateAnyAngle.exe" [X]
S2 Util Any Angle; "C:\Program Files (x86)\Any Angle\bin\utilAnyAngle.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-07] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R1 {af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64; C:\Windows\System32\drivers\{af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64.sys [48752 2015-07-02] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 10:22 - 2015-07-08 10:24 - 57405952 _____ C:\Users\sweety\Downloads\eset-nod32-antivirus_5.0.9564bit.msi
2015-07-08 10:17 - 2015-07-08 10:23 - 00021053 _____ C:\Users\sweety\Downloads\FRST.txt
2015-07-08 10:15 - 2015-07-08 10:18 - 00000000 ____D C:\FRST
2015-07-08 10:14 - 2015-07-08 10:15 - 02112512 _____ (Farbar) C:\Users\sweety\Downloads\FRST64.exe
2015-07-08 09:38 - 2015-07-08 09:38 - 00000000 ____D C:\rsit
2015-07-08 09:38 - 2015-07-08 09:38 - 00000000 ____D C:\Program Files (x86)\trend micro
2015-07-08 09:37 - 2015-07-08 09:37 - 01107968 _____ C:\Users\sweety\Downloads\RSIT (1).exe
2015-07-08 09:36 - 2015-07-08 09:37 - 01107968 _____ C:\Users\sweety\Downloads\RSIT.exe
2015-07-07 19:58 - 2015-07-07 19:58 - 00000000 ____D C:\Users\sweety\AppData\Roaming\AVAST Software
2015-07-07 19:57 - 2015-07-07 19:57 - 00001940 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-07 19:57 - 2015-07-07 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-07 19:56 - 2015-07-07 19:56 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-07-07 19:56 - 2015-07-07 19:56 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-07-07 19:56 - 2015-07-07 19:56 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-07 19:56 - 2015-07-07 19:56 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-07 19:56 - 2015-07-07 19:55 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-07 19:54 - 2015-07-07 19:54 - 05499992 _____ (Avast Software s.r.o.) C:\Users\sweety\Downloads\avast_free_antivirus_setup_online.exe
2015-07-07 19:54 - 2015-07-07 19:54 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-07 19:20 - 2015-07-07 19:20 - 00000000 ____D C:\ProgramData\ESET
2015-07-07 19:20 - 2015-07-07 19:20 - 00000000 ____D C:\Program Files\ESET
2015-07-07 19:13 - 2015-07-07 19:15 - 01761992 _____ (ESET) C:\Users\sweety\Downloads\eset_nod32_antivirus_live_installer_.exe
2015-07-07 18:26 - 2015-07-08 09:00 - 00003076 _____ C:\WINDOWS\System32\Tasks\Advanced System~Protector_startup
2015-07-07 18:26 - 2015-07-07 18:26 - 00003664 _____ C:\WINDOWS\System32\Tasks\Advanced System~Protector
2015-07-07 18:25 - 2015-07-07 18:25 - 00000024 _____ C:\Users\sweety\AppData\Roaming\appdataFr25.bin
2015-07-07 18:23 - 2015-07-07 18:23 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Systweak
2015-07-07 18:22 - 2015-07-07 18:22 - 00001059 _____ C:\Users\Public\Desktop\Advanced System~Protector.lnk
2015-07-07 18:22 - 2015-07-07 18:22 - 00000000 ____D C:\ProgramData\Systweak
2015-07-07 18:22 - 2015-07-07 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
2015-07-07 18:19 - 2015-07-07 19:49 - 00000000 ____D C:\Program Files (x86)\ASP
2015-07-07 18:18 - 2015-07-07 18:21 - 05530096 _____ (Advanced System Protector ) C:\Users\sweety\Downloads\aspsetup (1).exe
2015-07-07 18:18 - 2015-06-24 18:20 - 00023336 _____ C:\WINDOWS\system32\sasnative64.exe
2015-07-07 18:12 - 2015-07-07 18:14 - 05530096 _____ (Advanced System Protector ) C:\Users\sweety\Downloads\aspsetup.exe
2015-07-06 21:55 - 2015-07-06 21:55 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-06 21:54 - 2015-07-06 21:54 - 02870984 _____ (ESET) C:\Users\sweety\Downloads\esetsmartinstaller_csy.exe
2015-07-06 21:46 - 2015-07-06 21:46 - 00001274 _____ C:\Users\sweety\Desktop\全网影视.lnk
2015-07-06 20:32 - 2015-07-06 21:28 - 535520800 _____ C:\Users\sweety\Downloads\James Horner - Titanic (Full Soundtrack).flv
2015-07-02 20:46 - 2015-07-02 20:47 - 00000000 ____D C:\ProgramData\LocalStorage
2015-07-02 20:42 - 2015-07-02 20:42 - 00000000 ____D C:\Users\sweety\.android
2015-07-02 20:41 - 2015-07-06 21:47 - 00000000 ____D C:\Users\sweety\AppData\Roaming\ppslog
2015-07-02 19:50 - 2015-07-02 19:50 - 00000270 __RSH C:\ProgramData\ntuser.pol
2015-07-02 18:50 - 2015-04-09 00:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-02 18:50 - 2015-04-02 00:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-02 18:50 - 2015-04-02 00:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-02 18:50 - 2015-03-20 05:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-07-02 18:50 - 2015-03-20 05:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-07-02 18:50 - 2015-03-20 04:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-07-02 18:50 - 2015-03-20 04:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-07-02 18:49 - 2015-05-25 15:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-07-02 18:49 - 2015-05-25 15:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-07-02 18:49 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-07-02 18:49 - 2015-04-14 00:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-07-02 18:49 - 2015-04-14 00:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-07-02 18:49 - 2015-04-10 02:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-07-02 18:49 - 2015-04-10 02:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-07-02 18:49 - 2015-04-09 00:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-07-02 18:49 - 2015-04-01 06:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-07-02 18:49 - 2015-04-01 06:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-07-02 18:49 - 2015-04-01 06:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-07-02 18:49 - 2015-04-01 06:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-07-02 18:49 - 2015-04-01 05:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-07-02 18:49 - 2015-04-01 05:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-07-02 18:49 - 2015-04-01 05:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-02 18:49 - 2015-04-01 04:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-07-02 18:49 - 2015-04-01 04:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-07-02 18:49 - 2015-04-01 04:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-07-02 18:49 - 2015-04-01 04:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-07-02 18:49 - 2015-04-01 04:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-07-02 18:49 - 2015-04-01 04:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-02 18:49 - 2015-03-02 03:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-07-02 18:49 - 2015-03-02 03:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-07-02 18:14 - 2015-07-02 18:14 - 00003138 _____ C:\WINDOWS\System32\Tasks\{1B86ABB1-A28C-48A0-852C-6825E8569A58}
2015-07-02 16:25 - 2015-07-02 20:42 - 00000000 ____D C:\Users\sweety\AppData\Local\SysassistByHotWheel
2015-07-02 16:24 - 2015-07-08 09:13 - 00000000 ____D C:\Users\sweety\AppData\Local\Unity
2015-07-02 16:23 - 2015-07-08 09:55 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-02 16:22 - 2015-07-06 21:44 - 00000000 ____D C:\IQIYI Video
2015-07-02 16:21 - 2015-07-06 21:57 - 00000000 ____D C:\Users\sweety\AppData\Roaming\IQIYI Video
2015-07-02 16:21 - 2015-07-06 21:44 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-07-02 16:21 - 2015-07-02 16:21 - 00000000 ____D C:\Users\Public\QiYi
2015-07-02 16:21 - 2015-07-02 00:38 - 00048752 _____ (StdLib) C:\WINDOWS\system32\Drivers\{af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64.sys
2015-07-02 16:18 - 2015-07-02 19:49 - 00000000 ____D C:\Program Files (x86)\Any Angle
2015-07-02 16:16 - 2015-07-08 10:16 - 00002772 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-5_user.job
2015-07-02 16:16 - 2015-07-08 10:16 - 00002772 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-5.job
2015-07-02 16:16 - 2015-07-02 16:16 - 00005776 _____ C:\WINDOWS\System32\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-5
2015-07-02 16:15 - 2015-07-08 10:15 - 00004476 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-4.job
2015-07-02 16:15 - 2015-07-08 10:15 - 00003456 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-1-7.job
2015-07-02 16:15 - 2015-07-08 10:15 - 00003456 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-1-6.job
2015-07-02 16:15 - 2015-07-02 16:15 - 00007480 _____ C:\WINDOWS\System32\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-4
2015-07-02 16:15 - 2015-07-02 16:15 - 00006460 _____ C:\WINDOWS\System32\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-1-7
2015-07-02 16:15 - 2015-07-02 16:15 - 00006460 _____ C:\WINDOWS\System32\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-1-6
2015-07-02 16:14 - 2015-07-08 10:14 - 00005500 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-7.job
2015-07-02 16:14 - 2015-07-02 16:14 - 00008504 _____ C:\WINDOWS\System32\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-7
2015-07-02 16:14 - 2015-07-02 16:14 - 00000000 ____D C:\Program Files (x86)\49db72e9-803a-4bde-bd30-595c8b753e55
2015-07-02 16:13 - 2015-07-02 16:15 - 00000000 ____D C:\Users\sweety\AppData\Local\BrowserHelper
2015-07-02 16:11 - 2015-07-08 10:11 - 00005166 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-11.job
2015-07-02 16:11 - 2015-07-02 16:11 - 00008170 _____ C:\WINDOWS\System32\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-11
2015-07-02 16:11 - 2015-07-02 16:11 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-07-02 16:10 - 2015-07-07 21:05 - 00002094 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-10_user.job
2015-07-02 16:09 - 2015-07-07 21:30 - 00000000 ____D C:\Program Files (x86)\Ge-Force
2015-07-02 16:06 - 2015-07-02 16:06 - 00000000 ____D C:\Users\sweety\AppData\Local\CrashRpt
2015-07-02 16:04 - 2015-07-02 16:04 - 00000000 ____D C:\Users\sweety\AppData\Local\Opera Software
2015-07-02 16:03 - 2015-07-02 16:03 - 00003810 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1435845708
2015-07-02 16:03 - 2015-07-02 16:03 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Opera Software
2015-07-02 16:02 - 2015-07-06 21:40 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-02 16:01 - 2015-07-02 16:01 - 00002281 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2015-07-02 16:01 - 2015-07-02 16:01 - 00002281 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2015-07-02 16:01 - 2015-07-02 16:01 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-02 16:00 - 2015-07-02 19:16 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2015-07-02 15:59 - 2015-07-02 19:55 - 00000000 ____D C:\Program Files (x86)\Opera
2015-07-02 15:57 - 2015-07-02 19:16 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Seznam.cz
2015-07-02 15:56 - 2015-07-02 15:56 - 00002738 _____ C:\WINDOWS\System32\Tasks\PC SpeedUp Service Deactivator
2015-07-02 15:55 - 2015-07-06 21:14 - 00000376 _____ C:\WINDOWS\Tasks\PC SpeedUp Service Deactivator.job
2015-07-02 15:55 - 2015-07-02 18:22 - 00000000 ____D C:\Users\sweety\AppData\Roaming\cpuminer
2015-07-02 15:55 - 2015-07-02 15:55 - 00001115 _____ C:\Users\sweety\Desktop\Zrychleni Pocitace.lnk
2015-07-02 15:55 - 2015-07-02 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace
2015-07-02 15:54 - 2015-07-02 15:59 - 00000000 ____D C:\Program Files (x86)\Zrychleni Pocitace
2015-07-02 15:52 - 2015-07-07 17:43 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-02 15:52 - 2015-07-03 18:32 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-07-02 15:52 - 2015-07-02 15:52 - 00000000 ____D C:\Users\sweety\AppData\Local\globalUpdate
2015-07-02 15:49 - 2015-07-07 21:03 - 00000000 ____D C:\Program Files (x86)\AppendRunner
2015-07-02 15:47 - 2015-07-02 15:47 - 00000000 ____D C:\ProgramData\17679231924039402068
2015-07-02 15:46 - 2015-07-07 21:03 - 00000000 ____D C:\Program Files (x86)\PriuceLessu
2015-07-02 15:45 - 2015-07-07 21:36 - 00000000 ____D C:\ProgramData\{0ba802db-f0ae-59fb-0ba8-802dbf0a0b6f}
2015-07-02 15:45 - 2015-07-06 21:45 - 00000338 _____ C:\WINDOWS\Tasks\SearchHunt.job
2015-07-01 20:15 - 2015-07-01 20:15 - 00003060 _____ C:\WINDOWS\System32\Tasks\{B5847097-A385-4D84-8E2F-D82E59498F48}
2015-06-30 20:47 - 2015-07-06 13:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-30 20:28 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-30 20:28 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-30 20:27 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-30 20:27 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-30 20:26 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-30 20:26 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-30 20:26 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-30 20:26 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-30 20:26 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-30 20:26 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-30 20:26 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-30 20:26 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-30 20:26 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-30 20:26 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-30 20:26 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-30 20:26 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-30 20:26 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-30 20:26 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-30 20:26 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-30 20:26 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-30 20:26 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-30 20:26 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-30 20:26 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-30 20:26 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-30 20:26 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-30 20:26 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-30 20:26 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-30 20:26 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-30 20:26 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-30 20:26 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-30 20:26 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-30 20:26 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-30 20:26 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-30 20:26 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-30 20:26 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-30 20:26 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-30 20:26 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-30 20:26 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-30 20:26 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-30 20:26 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-30 20:26 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-30 20:26 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-30 20:23 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-30 11:21 - 2015-06-30 12:10 - 548214020 _____ C:\Users\sweety\Downloads\Latin Dance Aerobic Workout - Latin Dance Fitness - Salsa Class For Beginners.avi
2015-06-30 10:17 - 2015-06-30 10:20 - 00000000 ____D C:\Users\sweety\Downloads\salsa_dvd
2015-06-30 09:05 - 2015-06-30 09:42 - 521519268 _____ C:\Users\sweety\Downloads\Yoga For Back Pain - 30 Minute Back Stretch, Sciatica Pain, & Flexibility Yoga Flow.avi
2015-06-30 08:59 - 2015-06-30 09:51 - 834892516 _____ C:\Users\sweety\Downloads\Yoga for Weight Loss - Balance Practice.avi
2015-06-30 08:57 - 2015-06-30 09:31 - 506362494 _____ C:\Users\sweety\Downloads\Morning Yoga For Weight Loss - 20 Minute Workout Fat Burning Yoga Meltdown Beginner & Intermediate.avi
2015-06-30 08:52 - 2015-06-30 08:55 - 446075904 _____ C:\Users\sweety\Downloads\joga-pro-zacatecniky.avi
2015-06-29 10:30 - 2015-06-29 20:58 - 00008083 _____ C:\Users\sweety\Downloads\conditions-Katerina-Shereen.odt
2015-06-29 09:17 - 2015-06-29 09:17 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-22 13:45 - 2015-06-22 15:46 - 1158871822 _____ C:\Users\sweety\Downloads\Králova-řeč-(2010)-(CZ-dub).avi
2015-06-09 13:49 - 2015-06-09 13:49 - 00000000 ____D C:\Users\sweety\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-08 10:19 - 2014-12-29 10:16 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Skype
2015-07-08 10:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-08 09:52 - 2015-02-09 13:28 - 00000966 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 08:43 - 2014-12-29 12:21 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1033858388-2215584304-1103054407-1001
2015-07-08 08:40 - 2015-02-09 13:28 - 00000962 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 22:42 - 2013-08-22 16:46 - 00357447 _____ C:\WINDOWS\setupact.log
2015-07-07 22:42 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-07 22:41 - 2014-09-24 09:10 - 00377836 _____ C:\WINDOWS\PFRO.log
2015-07-07 21:07 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-07 21:06 - 2015-01-13 18:12 - 02053022 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-07 19:54 - 2014-12-29 08:51 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-07 17:54 - 2014-09-24 18:23 - 01745984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-07 17:54 - 2014-09-24 17:39 - 00739924 _____ C:\WINDOWS\system32\perfh005.dat
2015-07-07 17:54 - 2014-09-24 17:39 - 00151610 _____ C:\WINDOWS\system32\perfc005.dat
2015-07-07 17:45 - 2014-12-28 22:44 - 00000000 ____D C:\Users\sweety\AppData\Local\VirtualStore
2015-07-06 21:40 - 2015-01-13 19:14 - 00001428 _____ C:\Users\sweety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-06 21:40 - 2014-12-29 10:47 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-06 00:11 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-05 12:08 - 2015-04-06 15:28 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-02 20:42 - 2015-01-13 18:25 - 00000000 ____D C:\Users\sweety
2015-07-02 20:28 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-02 20:17 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-02 20:14 - 2015-01-03 12:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-02 20:07 - 2015-01-03 12:30 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-02 19:49 - 2014-12-29 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-02 19:49 - 2013-08-22 16:44 - 00509128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-02 19:24 - 2013-08-22 17:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-02 19:14 - 2014-12-29 09:14 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-02 18:27 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-02 18:24 - 2012-07-26 07:26 - 00000226 _____ C:\WINDOWS\win.ini
2015-07-02 18:23 - 2012-09-22 18:26 - 00000000 ____D C:\Program Files (x86)\AmIcoSingLun
2015-07-02 18:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-07-02 11:00 - 2013-01-18 03:07 - 00000000 ____D C:\Users\sweety\AppData\Local\Packages
2015-07-01 19:27 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-30 21:14 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-30 19:38 - 2015-04-30 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2015-06-29 11:36 - 2015-01-06 18:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-29 09:11 - 2015-01-13 18:25 - 00000000 ____D C:\Users\Administrator
2015-06-29 09:11 - 2014-09-24 21:02 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-29 09:11 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-06-29 09:11 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-06-29 09:11 - 2012-09-22 18:30 - 00000000 ____D C:\ProgramData\P4G
2015-06-29 09:10 - 2015-04-07 13:28 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-29 09:10 - 2015-02-09 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-29 09:10 - 2014-12-29 10:51 - 00000000 ____D C:\Users\sweety\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-29 09:10 - 2014-12-29 10:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-29 09:10 - 2014-12-29 10:15 - 00000000 ____D C:\ProgramData\Skype
2015-06-29 09:10 - 2014-12-28 22:43 - 00000000 ____D C:\Users\sweety\AppData\Local\ASUS
2015-06-29 09:10 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-29 09:10 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\servicing
2015-06-29 08:53 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration
2015-06-29 08:50 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-06-29 07:40 - 2015-04-30 19:55 - 00000000 __SHD C:\Users\sweety\AppData\Local\EmieUserList
2015-06-29 07:40 - 2015-04-30 19:55 - 00000000 __SHD C:\Users\sweety\AppData\Local\EmieSiteList
2015-06-29 07:40 - 2015-04-30 19:55 - 00000000 __SHD C:\Users\sweety\AppData\Local\EmieBrowserModeList
2015-06-22 20:31 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(21)
2015-06-20 05:02 - 2015-04-22 16:57 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-20 05:02 - 2015-04-22 16:57 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 09:38 - 2013-01-30 21:39 - 00000000 ____D C:\Users\sweety\Documents\VŠ
2015-06-12 22:17 - 2013-10-24 12:56 - 00000000 ____D C:\Users\sweety\Documents\Bluetooth Folder
2015-06-12 11:50 - 2015-01-16 18:35 - 00000000 ____D C:\Users\sweety\Documents\Recepty
2015-06-08 22:49 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI(241)

==================== Files in the root of some directories =======

2015-07-07 18:25 - 2015-07-07 18:25 - 0000024 _____ () C:\Users\sweety\AppData\Roaming\appdataFr25.bin
2014-12-28 23:38 - 2015-01-24 22:01 - 0000380 _____ () C:\Users\sweety\AppData\Roaming\sp_data.sys
2015-01-23 19:57 - 2015-02-07 18:00 - 0005120 _____ () C:\Users\sweety\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-04 19:37 - 2012-07-30 08:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 19:37 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some files in TEMP:
====================
C:\Users\sweety\AppData\Local\Temp\AutoRun.exe
C:\Users\sweety\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\sweety\AppData\Local\Temp\EAInstall.dll
C:\Users\sweety\AppData\Local\Temp\GameuxInstallHelper.dll
C:\Users\sweety\AppData\Local\Temp\Harry Potter and the Order of the Phoenix_uninst.exe
C:\Users\sweety\AppData\Local\Temp\InstHelper.exe
C:\Users\sweety\AppData\Local\Temp\IQIYIsetup_l_spl004@kb005.exe
C:\Users\sweety\AppData\Local\Temp\masauto_runxx.dl.dll
C:\Users\sweety\AppData\Local\Temp\masflag_runxx.dl.dll
C:\Users\sweety\AppData\Local\Temp\pcspeedup.exe
C:\Users\sweety\AppData\Local\Temp\ppstreamsetup_unfix.exe
C:\Users\sweety\AppData\Local\Temp\setup.exe
C:\Users\sweety\AppData\Local\Temp\setup3.exe
C:\Users\sweety\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sweety\AppData\Local\Temp\StartMenu.exe
C:\Users\sweety\AppData\Local\Temp\tu17p84.exe
C:\Users\sweety\AppData\Local\Temp\Updater.exe
C:\Users\sweety\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 21:51

==================== End of log ============================
Last edited by Meggie on 08 Jul 2015 09:36, edited 1 time in total.

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Keylogger?

#2 Post by Márty84 »

Hello :)

Once I see some log, I'll be wiser. It could be a keylogger, but it doesn't have to be.

By the way, RSIT doesn't install; you just download and run it ;-)
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum here: https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Meggie
Visitor
Posts: 19
Joined: 08 Jul 2015 08:25

Re: Keylogger?

#3 Post by Meggie »

I have just posted the log, hopefully that is what is needed. Sorry, I am not at all experienced in this, I need everything spelled out :-)

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Keylogger?

#4 Post by Márty84 »

Yes, that's it :-)

Just don't edit your posts next time. It doesn't show up for me as a new reply and I might overlook it ;-)


-> Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and choose Run as administrator.
Click Scan and wait until the check finishes.
Then click Cleaning.
The program starts working (the PC may restart) and produces a log (it will also be at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here.


-> Run a check with MBAM. Set up the scan according to this guide (i.e. a Custom scan of all drives) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Don't delete anything beforehand, it sometimes has false detections.
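The steps above ask for an AdwCleaner cleaning log to be posted so the helper can compare it with the FRST log from the first post. The Python script below is an added example, not part of this thread and not code from FRST or AdwCleaner: it does the triage a helper does by eye on FRST's "One Month Created" entries, then cross-checks the flagged entries against the objects an AdwCleaner cleaning log reports as deleted, so that whatever the cleaner did not report removing can go into a follow-up fix. The flagging heuristics (GUID-named scheduled tasks and drivers, random-named directories, 32-hex marker files in system32/SysWOW64, and a hand-picked list of the PUP component names seen in this thread), the path normalization that lets a task's legacy .job file and its XML definition compare equal, and the sample input (a constructed subset of the two logs posted in this thread) are all the example's own assumptions.

```python
"""Triage of FRST "One Month Created" entries against an AdwCleaner cleaning log.
Added example for this thread, not code from FRST, AdwCleaner or the forum; the
heuristics, the PUP name list and the sample logs below are the example's own."""
from __future__ import annotations
import re

FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
ADW_ENTRY = re.compile(r"^(?:\[#\] )?(?P<kind>\w+) Deleted : (?:\[x64\] )?(?P<item>.+)$")
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.I)
TASK_NAME = re.compile(r"\\tasks\\([^\\]+?)(?:\.job)?$")
# Component names of the adware/PUP/miner families visible in this thread's logs
# (assumption: hand-picked for the example, not a vendor signature set).
KNOWN_PUP = ("cpuminer", "globalupdate", "browserhelper", "shopperpro", "qiyi",
             "zrychleni pocitace", "any angle", "ge-force", "appendrunner",
             "priucelessu", "searchhunt", "baidu", "pcspeedup")


def triage_frst(text: str) -> list[tuple[str, str]]:
    """Return (path, reason) for created-file entries that look like adware persistence."""
    findings = []
    for line in text.splitlines():
        m = FRST_ENTRY.match(line.strip())
        if not m:
            continue
        path, low = m["path"], m["path"].lower()
        name = path.rstrip("\\").rsplit("\\", 1)[-1]
        # Company is the file's version resource, not a signature check; it only
        # serves to skip Windows Update churn under C:\WINDOWS.
        if m["company"] == "Microsoft Corporation" and "\\windows\\" in low:
            continue
        if "\\tasks\\" in low and GUID.search(name):
            reason = "GUID-named scheduled task"
        elif name.lower().endswith(".sys") and GUID.search(name):
            reason = "GUID-named kernel driver"
        elif m["attrs"].endswith("D") and (GUID.fullmatch(name.strip("{}")) or name.isdigit()):
            reason = "random-named install directory"
        elif HEX32.match(name) and ("\\system32\\" in low or "\\syswow64\\" in low):
            reason = "random-named marker file in a system directory"
        else:
            hit = next((p for p in KNOWN_PUP if p in low), None)
            if hit is None:
                continue
            reason = f"known PUP component: {hit}"
        findings.append((path, reason))
    return findings


def object_key(kind: str, item: str) -> tuple[str, str]:
    """Case-insensitive identity; a task is keyed by its name whether it is the
    XML under System32\\Tasks or the legacy .job under Windows\\Tasks."""
    low = item.lower().rstrip("\\")
    if kind in ("task", "service", "key", "value"):
        return (kind, low)
    m = TASK_NAME.search(low)
    return ("task", m.group(1)) if m else ("path", low)


def parse_adwcleaner(text: str) -> set[tuple[str, str]]:
    """Collect every object an AdwCleaner cleaning log reports as deleted."""
    cleaned = set()
    for line in text.splitlines():
        m = ADW_ENTRY.match(line.strip())
        if m:
            cleaned.add(object_key(m["kind"].lower(), m["item"]))
    return cleaned


def residual(findings, cleaned) -> list[tuple[str, str]]:
    """Flagged entries the cleaner did not report removing: candidates for a FRST fix."""
    return [f for f in findings if object_key("path", f[0]) not in cleaned]


# Constructed sample input: a subset of the FRST and AdwCleaner logs posted in this thread.
SAMPLE_FRST = r"""
2015-07-02 16:21 - 2015-07-02 16:21 - 00000000 ____D C:\Users\Public\QiYi
2015-07-02 16:21 - 2015-07-02 00:38 - 00048752 _____ (StdLib) C:\WINDOWS\system32\Drivers\{af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64.sys
2015-07-02 16:16 - 2015-07-08 10:16 - 00002772 _____ C:\WINDOWS\Tasks\42d200f7-5855-4faf-abe6-02555bb02703-5.job
2015-07-02 16:14 - 2015-07-02 16:14 - 00000000 ____D C:\Program Files (x86)\49db72e9-803a-4bde-bd30-595c8b753e55
2015-07-02 16:13 - 2015-07-02 16:15 - 00000000 ____D C:\Users\sweety\AppData\Local\BrowserHelper
2015-07-02 15:55 - 2015-07-02 18:22 - 00000000 ____D C:\Users\sweety\AppData\Roaming\cpuminer
2015-07-02 15:52 - 2015-07-07 17:43 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-02 15:45 - 2015-07-06 21:45 - 00000338 _____ C:\WINDOWS\Tasks\SearchHunt.job
2015-06-30 20:28 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
"""
SAMPLE_ADW = r"""
***** [ Services ] *****
Service Deleted : {af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64
Folder Deleted : C:\Users\sweety\AppData\Local\BrowserHelper
Folder Deleted : C:\Users\sweety\AppData\Roaming\cpuminer
File Deleted : C:\WINDOWS\System32\drivers\{af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64.sys
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-5
"""

if __name__ == "__main__":
    flagged = triage_frst(SAMPLE_FRST)
    for path, reason in flagged:
        print(f"FLAG  {reason:48s} {path}")
    for path, _ in residual(flagged, parse_adwcleaner(SAMPLE_ADW)):
        print(f"LEFT  {path}")
```

Run stand-alone, the script prints the eight flagged entries from the constructed FRST excerpt and the four that the constructed AdwCleaner excerpt does not cover (the QiYi and GUID-named directories, the 32-hex marker file in SysWOW64 and SearchHunt.job). Two caveats: the "Microsoft Corporation" skip reads the version resource, which any binary can claim, so it is only a noise filter, not a signature check; FRST verifies Authenticode signatures only for the fixed set of files in its "Bamital & volsnap Check" section, so anything else that matters should be checked separately (for example with Sysinternals sigcheck or PowerShell's Get-AuthenticodeSignature). And a cleaner's "Deleted" line only says what it removed, not why, so the residual list still needs a human look before it goes into a fix.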

Meggie
Visitor
Posts: 19
Joined: 08 Jul 2015 08:25

Re: Keylogger?

#5 Post by Meggie »

Here are the results:

ADW:

# AdwCleaner v4.207 - Log created 08/07/2015 at 11:17:59
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : sweety - PC
# Running from : C:\Users\sweety\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : Update Any Angle
[#] Service Deleted : Util Any Angle
Service Deleted : {af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\IQIYI Video
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IQIYI Video
Folder Deleted : C:\ProgramData\{0ba802db-f0ae-59fb-0ba8-802dbf0a0b6f}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zrychleni Pocitace
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Program Files (x86)\ASP
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Zrychleni Pocitace
Folder Deleted : C:\Program Files (x86)\Ge-Force
Folder Deleted : C:\Program Files (x86)\AppendRunner
Folder Deleted : C:\Program Files (x86)\PriuceLessu
Folder Deleted : C:\Program Files (x86)\Any Angle
Folder Deleted : C:\Users\sweety\AppData\Local\Temp\On Stage
Folder Deleted : C:\Users\sweety\AppData\Local\Temp\Any Angle
Folder Deleted : C:\Users\sweety\AppData\Local\globalUpdate
Folder Deleted : C:\Users\sweety\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp
Folder Deleted : C:\Users\sweety\AppData\Local\BrowserHelper
Folder Deleted : C:\Users\sweety\AppData\Roaming\Systweak
Folder Deleted : C:\Users\sweety\AppData\Roaming\IQIYI Video
Folder Deleted : C:\Users\sweety\AppData\Roaming\cpuminer
Folder Deleted : C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default\Extensions\shoppingassist@ookong.com
Folder Deleted : C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default\Extensions\xUqYmT1@seu.edu
Folder Deleted : C:\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Folder Deleted : C:\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\knlpigpfaognbholppaembpfphilacie
File Deleted : C:\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
File Deleted : C:\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
File Deleted : C:\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
File Deleted : C:\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage-journal
File Deleted : C:\Users\Public\Desktop\Advanced System~Protector.lnk
File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
File Deleted : C:\WINDOWS\System32\sasnative64.exe
File Deleted : C:\WINDOWS\System32\drivers\{af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64.sys
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\prefs.js
File Deleted : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage
File Deleted : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_eliteunzip.dl.tb.ask.com_0.localstorage-journal
File Deleted : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
File Deleted : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
File Deleted : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage
File Deleted : C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : PC SpeedUp Service Deactivator
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : Advanced System~Protector
Task Deleted : Advanced System~Protector_startup
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-1-6
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-1-7
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-10_user
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-11
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-4
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-5
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-5_user
Task Deleted : 42d200f7-5855-4faf-abe6-02555bb02703-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchffv2@gmail.com]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [pcspeedup]
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Any Angle
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Any Angle
Key Deleted : HKLM\SOFTWARE\100cf5cb-b999-4b96-a8d1-ba26e2b72b8f
Key Deleted : HKLM\SOFTWARE\378d2d71-ceb5-4e4a-b753-b661b04e825d
Key Deleted : HKLM\SOFTWARE\5e0c808d-aafa-b14d-676a-699a9e7f9af3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{7f11b722}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{307B3CDB-9EE3-4137-9D18-F9AD6537ECEB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF3CDEFB-31BE-43AE-B064-B9C62C883259}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B6360BD3-5CD0-40D3-BD87-DAFF37889F50}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1D75F62-CBBD-45C7-9D1D-6B5ECEC2E006}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6BE0FB-8B18-4DFC-959F-233651CC4D7F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAC94FEE-45B4-4FD4-9EEA-D8978EC96C6E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{085CB97F-6D0B-487D-B94C-E11A736C38CE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Speedchecker Limited
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\Ge-Force
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\ArenaHD
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKLM\SOFTWARE\FFPluginHp
Key Deleted : HKLM\SOFTWARE\Any Angle
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IQIYI Video
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCSU-SL_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavení Obnoveno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v38.0.5 (x86 cs)

[06wxdfhu.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.alias", "istartsurf");
[06wxdfhu.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[06wxdfhu.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.name", "istartsurf");
[06wxdfhu.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1435 ... 57LEX&q={s[...]

-\\ Google Chrome v43.0.2357.130


-\\ Comodo Dragon v33.1.0.1

[C:\Users\sweety\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-12-29&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}

-\\ Opera v30.0.1835.88


*************************

AdwCleaner[R0].txt - [16914 bytů] - [08/07/2015 11:10:15]
AdwCleaner[S0].txt - [14692 bytů] - [08/07/2015 11:17:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14751 bytů] ##########

I'll add the MBAM log once it's done, it has been scanning for over an hour, it takes quite a while. Thanks :-)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Keylogger?

#6 Post by Márty84 »

Meggie wrote: I'll add the MBAM log once it's done, it has been scanning for over an hour, it takes quite a while. Thanks :-)
The scan tends to be long but thorough, so it pays to hold out until the end. If possible, in case MBAM finds something, it would be ideal not to close it, just minimize it to the taskbar until I have looked at the results. If we deleted the findings, you would have to run the test again.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum: https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting longer for an answer, please contact one of my colleagues (most have an e-mail address in their signature).

Meggie
Guest
Posts: 19
Registered: 08 Jul 2015 08:25

Re: Keylogger?

#7 Post by Meggie »

Good morning :-)
here are the MBAM results, but it's strange, in the program's own window I have 60 threats (potentially unwanted programs). What do I do with it now? Thank you very much :-)

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 9. 7. 2015
Čas skenování: 5:43
Protokol: MBAM.txt
Správce: Ano

Verze: 0.0.0.0000
Databáze malwaru: v2015.07.08.08
Databáze rootkitů: v2015.07.07.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: sweety

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 413039
Uplynulý čas: 32 min, 47 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Keylogger?

#8 Post by Márty84 »

Since I can't see what those threats are, I can't tell you for certain whether to delete everything or not. False positives are rare, but they do occur. But if you let it remove everything, it should go into quarantine, and it can be pulled back from there, just in case.
Another option is to take a photo of the results and post it as an image :-)


However, the scan was not set up according to the instructions. It was only a Threat Scan (Sken hrozeb), and that does not check the whole computer. I wanted a Custom Scan (Vlastní sken).

Meggie
Guest
Posts: 19
Registered: 08 Jul 2015 08:25

Re: Keylogger?

#9 Post by Meggie »

OK, I must have overlooked it, I'll do the scan again and then send the results, or photos of the threats.

But I have another problem too: today I could hardly turn the PC on. Every time I tried to start it with the button, the LEDs just flashed, only the first LED stayed lit and the screen did not come on at all. I tried removing the battery, checked the power switch and the power cable, everything is fine. On about the 20th attempt I finally got it on and an APTIO SETUP UTILITY window appeared where I had to accept the configuration for it to start at all. What should I do about it? It's not the first time, it has been acting up like this for about a month.

Thanks a lot! :-)

Meggie
Guest
Posts: 19
Registered: 08 Jul 2015 08:25

Re: Keylogger?

#10 Post by Meggie »

So here is the scan result, hopefully it's right this time. Thanks! :-)

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 9. 7. 2015
Čas skenování: 9:45
Protokol: MBAM.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.09.01
Databáze rootkitů: v2015.07.07.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: sweety

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 602610
Uplynulý čas: 3 hod, 53 min, 45 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 10
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [55604f90ddad32044c3d523a39cbdd23],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force-nv, , [3580f3ec1f6b51e5f7a491ef8084a858],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, , [8e27ebf42e5cbe78050552afa85b29d7],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [783dba25cdbde2544742aede25dfcd33],
PUP.Optional.Sense.A, HKU\S-1-5-18\SOFTWARE\Sense-nv, , [664f05da3852da5cf836f889788ced13],
PUP.Optional.Sense.A, HKU\S-1-5-18\SOFTWARE\Sense-nv-ie, , [05b07b64dbaf280ede505130927206fa],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, , [bcf98b54583278be3e05adda897b57a9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\SOFTWARE\Cinem Plus 2.4cV02.07-nv-ie, , [09aca23da3e771c5df9f848753b0f10f],
PUP.Optional.GeForce.A, HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\SOFTWARE\Ge-Force-nv-ie, , [2b8acc134842ee48376598e81fe58779],
PUP.Optional.Sense.A, HKU\S-1-5-21-1033858388-2215584304-1103054407-1001\SOFTWARE\Sense-nv-ie, , [4075c21dddad64d279b5720f2bd9669a],

Hodnoty registru: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [55604f90ddad32044c3d523a39cbdd23]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [783dba25cdbde2544742aede25dfcd33]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 5
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.18694, , [14a1e7f8ec9e74c244b424bb7c8619e7],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.197238, , [a213d00f0d7d0a2c68903ea1b34f649c],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.387121, , [6253e2fd602a84b29e5aca159b6749b7],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.434626, , [9c197c632e5cbb7bea0e9b442bd7a55b],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.78810, , [f2c367787c0e221472865887a75b1ee2],

Soubory: 28
PUP.Optional.PCSpeedUp.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSpeedUp.sys.vir, , [ddd88a55cebc9e981e9604a74db459a7],
PUP.Optional.PCSpeedUp.A, C:\AdwCleaner\Quarantine\C\Program Files (x86)\Zrychleni Pocitace\PCSUUCC.exe.vir, , [367f0bd40c7e4bebc0f4d8d312ef14ec],
PUP.Optional.TriangleTrail.A, C:\AdwCleaner\Quarantine\C\Users\sweety\AppData\Local\Temp\On Stage\Setup.exe.vir, , [526317c84e3c8ea887142f2f9f6647b9],
PUP.Optional.AnyAngle.A, C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{af4544c3-8164-4ea3-8b1f-aae2249b7524}Gw64.sys.vir, , [e7ce08d7ccbe3cfa23c78fce15f017e9],
PUP.Optional.APNToolBar.A, C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe, , [81345b84c1c988ae7c19495d01006898],
PUP.Optional.TriangleTrail.A, C:\Users\sweety\AppData\Local\Temp\setup.exe, , [763f2cb32763e6505b409ac461a43fc1],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.18694\goopdate.dll, , [a60f835c187247efca018608d72a13ed],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.18694\goopdateres_en.dll, , [b7feebf4197158dee0eb543a946d2dd3],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.197238\goopdate.dll, , [64515887c8c2bf7799324b4306fbe31d],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.197238\goopdateres_en.dll, , [872e1bc4c7c3c670d3f8e6a836cbd62a],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.387121\goopdate.dll, , [b104805f4446300608c3dab4c04130d0],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.387121\goopdateres_en.dll, , [55608a5593f7e15517b4543aa75ac739],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.434626\goopdate.dll, , [6a4b449b6e1c5bdb4685a6e8728f16ea],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.434626\goopdateres_en.dll, , [f8bd0ed1593190a66c5f5e30ab56e21e],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.78810\goopdate.dll, , [a0157e617f0baa8cbb10424ccf32ae52],
PUP.Optional.ModGoog, C:\Users\sweety\AppData\Local\Temp\comh.78810\goopdateres_en.dll, , [10a5e7f8a8e2dd59a4276925956c47b9],
PUP.Optional.GeForce.A, C:\Users\sweety\AppData\Local\Temp\Install_26714\ins_geforce.exe, , [3b7a15ca06844fe7230c562de71ae21e],
PUP.Optional.MultiPlug.A, C:\Windows\Temp\_avast_\unp49533430.tmp, , [45707c63ccbe26105e4cd3e430d10bf5],
PUP.Optional.AppDataFR.A, C:\Users\sweety\AppData\Roaming\appdataFr25.bin, , [7d389b442d5db77f73f816e84bb710f0],
PUP.Optional.BoostSaves.A, C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, , [bff600df593169cdb96fe133748f4bb5],
PUP.Optional.BoostSaves.A, C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, , [af06db04f89252e49a8e16fe7192b64a],
PUP.Optional.Boost.A, C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, , [15a0a23d414987afc9713ded5fa4ba46],
PUP.Optional.Boost.A, C:\Users\sweety\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, , [6c49af30a8e22c0a72c8a882a26114ec],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.18694\globalupdateHelper.msi, , [14a1e7f8ec9e74c244b424bb7c8619e7],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.197238\globalupdateHelper.msi, , [a213d00f0d7d0a2c68903ea1b34f649c],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.387121\globalupdateHelper.msi, , [6253e2fd602a84b29e5aca159b6749b7],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.434626\globalupdateHelper.msi, , [9c197c632e5cbb7bea0e9b442bd7a55b],
PUP.Optional.GlobalUpdate.A, C:\Users\sweety\AppData\Local\Temp\comh.78810\globalupdateHelper.msi, , [f2c367787c0e221472865887a75b1ee2],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Keylogger?

#11 Post by Márty84 »

:arrow: Excellent, let it remove all the findings, then uninstall MBAM.

:arrow: Download Crystal Disk Info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Run it as administrator. After a moment the result will appear.
Click on Úpravy (Edit) at the top and then on Kopírovat (Copy). Paste what gets copied (it is stored in the clipboard) here for me (Ctrl + V)

Meggie
Guest
Posts: 19
Registered: 08 Jul 2015 08:25

Re: Keylogger?

#12 Post by Meggie »

So here it is :-)

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8 [6.2 Build 9200] (x64)
Date : 2015/07/10 8:25:18

-- Controller Map ----------------------------------------------------------
+ Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
- ST320LT020-9YG142
- HL-DT-ST DVDRAM
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST320LT020-9YG142 : 320,0 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST320LT020-9YG142
----------------------------------------------------------------------------
Model : ST320LT020-9YG142
Firmware : 0001SDM1
Serial Number : W0Q57LEX
Disk Size : 320,0 GB (8,4/137,4/320,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300
Power On Hours : 5418 hod.
Power On Count : 3751 krát
Host Reads : 1542 GB
Host Writes : 370 GB
Temparature : 36 C (96 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 114 _99 __6 0000040D0AC0 Počet chyb čtení
03 _99 _99 _85 000000000000 Čas na roztočení ploten
04 _97 _97 _20 000000000EC6 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _84 _60 _30 00000F41B110 Počet chybných hledání
09 _94 _94 __0 00000000152A Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _97 _97 _20 000000000EA7 Počet cyklů zapnutí zařízení
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 _98 __0 00000000000B Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _64 _50 _45 000024170024 Teplota toku vzduchu
BF 100 100 __0 00000000010D Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 0000000000E2 Počet vypnutí disku
C1 _54 _54 __0 00000001692F Počet cyklů načítání/vymazání
C2 _36 _50 __0 000E00000024 Teplota
C3 _51 _39 __0 0000040D0AC0 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
F0 100 253 __0 AEEE00001412 Čas nastavování hlaviček - v hodinách
F1 100 253 __0 00002E5063F6 Total LBAs Written
F2 100 253 __0 0000C0DA3ACE Total LBAs Read
FA __1 __1 __0 000000005A43 Počet chyb po dobu čtení z disku
FB 100 __1 __0 00000000030A Specifický pro výrobce
FC 100 __1 __0 000000000132 Specifický pro výrobce
FE 100 100 __0 000000000000 Ochrana proti pádu

-- IDENTIFY_DEVICE ---------------------------------------------------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Keylogger?

#13 Post by Márty84 »

The disk reports quite a few errors; that could also be the cause of the problems. We'll see after the cleanup is finished.


:arrow: Post a log from RSITx64 http://images.malwareremoval.com/random/RSITx64.exe , instructions here http://forum.viry.cz/viewtopic.php?f=13&t=130786

and along with that

:arrow: Post the logs according to these instructions http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a moment, it may block it as malicious, but we use it all the time, it is a false positive :)
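The responder's reading of the CrystalDiskInfo output (a disk reporting a fair number of errors) rests on the S.M.A.R.T. table in the report above. As an added example, not from the forum or from CrystalDiskInfo, the Python script below parses that table in the text format the tool prints, decodes the hex raw values and flags what a practitioner checks first: any attribute at or below its threshold, and nonzero error counters; the sample rows are copied from the report above, and the set of counters checked is this example's own choice.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: a subset of rows copied from the CrystalDiskInfo
# S.M.A.R.T. table posted above (the tool pads numbers with "_" and prints
# raw values as 6 hex bytes), followed by the start of the next section.
SAMPLE_REPORT = """\
Health Status : Dobrý

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 114 _99 __6 0000040D0AC0 Počet chyb čtení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
BC 100 _98 __0 00000000000B Časový limit příkazu
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
FA __1 __1 __0 000000005A43 Počet chyb po dobu čtení z disku

-- IDENTIFY_DEVICE ---------------------------------------------------------
000: 0C5A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
"""

# Attribute IDs whose raw counter is worth checking first (this example's
# choice): a nonzero value means the drive has already had to work around
# bad sectors, link errors or unanswered commands, even while the overall
# Health Status still reads good.
RAW_COUNT_ATTRS = {
    0x05: "Reallocated Sectors Count",
    0xBB: "Reported Uncorrectable Errors",
    0xBC: "Command Timeout",
    0xC4: "Reallocation Event Count",
    0xC5: "Current Pending Sector Count",
    0xC6: "Uncorrectable Sector Count",
    0xC7: "UltraDMA CRC Error Count",
}

# One table row: two hex digits of ID, three "_"-padded numeric columns,
# twelve hex digits of raw value, then the (localized) attribute name.
ROW_RE = re.compile(
    r"^([0-9A-F]{2}) ([_0-9]{3}) ([_0-9]{3}) ([_0-9]{3}) ([0-9A-F]{12}) (.+)$"
)


@dataclass(frozen=True)
class SmartAttr:
    attr_id: int
    current: int
    worst: int
    threshold: int
    raw: int
    name: str

    @property
    def below_threshold(self) -> bool:
        # A normalized current value at or under a nonzero threshold is what
        # the drive itself reports as a failed attribute.
        return self.threshold > 0 and self.current <= self.threshold


def _column(field: str) -> int:
    """Turn a padded column such as '__6' or '_99' into an int."""
    return int(field.replace("_", "") or "0")


def parse_smart_table(report: str) -> list[SmartAttr]:
    """Extract the S.M.A.R.T. rows from a CrystalDiskInfo text report."""
    attrs: list[SmartAttr] = []
    in_table = False
    for line in report.splitlines():
        if line.startswith("-- S.M.A.R.T."):
            in_table = True
            continue
        if in_table and line.startswith("-- "):
            break  # the next section (IDENTIFY_DEVICE) starts here
        match = ROW_RE.match(line.strip())
        if in_table and match:
            attr_id, cur, wor, thr, raw, name = match.groups()
            attrs.append(SmartAttr(int(attr_id, 16), _column(cur), _column(wor),
                                   _column(thr), int(raw, 16), name))
    return attrs


def assess(attrs: list[SmartAttr]) -> dict:
    """Report attributes failing their threshold and nonzero error counters."""
    failing = [a.attr_id for a in attrs if a.below_threshold]
    raw_warnings = {a.attr_id: a.raw for a in attrs
                    if a.attr_id in RAW_COUNT_ATTRS and a.raw > 0}
    return {"failing": failing, "raw_warnings": raw_warnings}


if __name__ == "__main__":
    result = assess(parse_smart_table(SAMPLE_REPORT))
    for attr_id, raw in result["raw_warnings"].items():
        print(f"{attr_id:02X} {RAW_COUNT_ATTRS[attr_id]}: raw count {raw}")
    print("attributes below threshold:", [f"{i:02X}" for i in result["failing"]])
```

On the sample rows no attribute is below its threshold, but the Command Timeout counter (BC) decodes to 11, which is the kind of detail the Health Status line alone does not show.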

Meggie
Guest
Posts: 19
Registered: 08 Jul 2015 08:25

Re: Keylogger?

#14 Post by Meggie »

Logs:

Logfile of random's system information tool 1.10 (written by random/random)
Run by sweety at 2015-07-10 08:51:29
Microsoft Windows 8.1
System drive C: has 65 GB (53%) free of 122 GB
Total RAM: 1932 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:52:14, on 10. 7. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\sweety.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID= ... n.com&OSP=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [StartMenu] C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe
O4 - HKCU\..\Run: [ShowDesktopAsRun] C:\Users\sweety\AppData\Roaming\StartMenu\desktop.scf
O4 - HKCU\..\Run: [apphide] C:\Program Files (x86)\baidu\baidu.exe
O4 - HKCU\..\Run: [HCDNClient] "C:\IQIYI Video\Common\QyKernel.exe" -shell_start
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @oem21.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11338 bytes

======Listing Processes======





wininit.exe


C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"
dashost.exe {cbf98f8e-59af-4ba9-91afded702c74f02}
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\viakaraokesrv.exe
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:864
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
taskhostex.exe
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
"C:\Program Files\ASUS\P4G\BatteryLife.exe"
KBFiltr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\WINDOWS\system32\GWX\GWX.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3044.0.582817639\1239652886" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,21,44 --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.3347 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BackgroundRendererProcesses/AllowIdleFromBrowser2/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_18/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch 
--device-scale-factor=1 --font-cache-shared-mem-suffix=3044 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --channel="3044.2.580488639\1775861461" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser2/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_18/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch 
--device-scale-factor=1 --font-cache-shared-mem-suffix=3044 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --channel="3044.3.226192577\325086730" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser2/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_18/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch 
--device-scale-factor=1 --font-cache-shared-mem-suffix=3044 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --channel="3044.4.1975199887\896684627" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser2/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_18/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 
--font-cache-shared-mem-suffix=3044 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --channel="3044.7.740812383\819080730" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser2/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_18/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 
--font-cache-shared-mem-suffix=3044 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --channel="3044.8.1742319935\1168254917" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser2/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_18/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 
--font-cache-shared-mem-suffix=3044 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --channel="3044.9.763388053\1128077931" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser2/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_18/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 
--font-cache-shared-mem-suffix=3044 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --channel="3044.10.1417943996\74416552" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3044.11.726431705\1482556081" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --test-type --enable-deferred-image-decoding --lang=cs --force-fieldtrials="*BackgroundRendererProcesses/AllowIdleFromBrowser2/*BrowserBlacklist/Enabled/*CTRequiredForEVTrial/RequirementEnforced/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/ChromeDashboard/Default/*ChromeSuggestions/Default/*DomRel-Enable/enable/*EmbeddedSearch/Group1 dev:pp6 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/ControlEnforce/*ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/*LoadStaleCacheExperiment/Primary/*LocalNTPFast/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Enabled/PasswordLinkInSettings/Disabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*RefreshTokenDeviceId/Enabled/*RememberCertificateErrorDecisions/Default/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/*SafeBrowsingIncidentReportingService/Default/*SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SyncBackingDatabase32K/Enabled/*ThrottleExtensionBackgroundPages/ThrottlePersistent/*UMA-Dynamic-Binary-Uniformity-Trial/group_01/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_18/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/group_01/UMAInitialMetricsTiming/Enabled/*UseDelayAgnosticAEC/Disabled/*VoiceTrigger/Install/*WebRTC-ScreencastTargetBitrateOvershoot/Enabled/*WebRTC-SupportVP9/Default/WebRTC-UDPSocketNonBlockingIO/Disabled/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --show-saved-copy=primary --extensions-on-chrome-urls --enable-pinch --device-scale-factor=1 
--font-cache-shared-mem-suffix=3044 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=1 --use-image-texture-target=3553 --channel="3044.17.2006213353\245951217" /prefetch:673131151
C:\WINDOWS\system32\AUDIODG.EXE 0xc8
"C:\Users\sweety\Downloads\RSITx64.exe"
"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:update_vps
taskeng.exe {A4AA4563-3143-44EE-B0A2-2EF8277FC902}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\SearchHunt.job - c:\programdata\{0ba802db-f0ae-59fb-0ba8-802dbf0a0b6f}\download.exe --startup=1 --single

=========Mozilla firefox=========

ProfilePath - C:\Users\sweety\AppData\Roaming\Mozilla\Firefox\Profiles\06wxdfhu.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@iqiyi.com/npclient]
"Description"=iQiyi Browser Plugin
"Path"=C:\IQIYI Video\LStyle\npclient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@iqiyi.com/npWebPlayer]
"Description"=pps-webplayer-plugin
"Path"=C:\IQIYI Video\LStyle\npWebPlayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@iqiyi.com/npclient]
"Description"=iQiyi Browser Plugin
"Path"=C:\IQIYI Video\LStyle\npclient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@iqiyi.com/npWebPlayer]
"Description"=pps-webplayer-plugin
"Path"=C:\IQIYI Video\LStyle\npWebPlayer.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19 219304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10 64640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-07 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28 2334936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12 153768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-07 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28 1729752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2014-01-30 171992]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2014-01-30 399832]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2014-01-30 442328]
"PowerSkin"=c:\windows\temp\PowerSkin\PowerSkin.exe []
"DisableS3S4"=c:\windows\temp\DisableS3S464\sethigh.cmd []
"AuditSHD"=C:\windows\system32\oobe\auditshd.exe [2014-10-29 30208]
"BtTray"=C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [2012-08-10 764032]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2012-08-10 127616]
"ACMON"=C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-06-07 90832]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 4035152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682144]
"StartMenu"=C:\Users\sweety\AppData\Roaming\StartMenu\StartMenu.exe [2015-02-09 3359872]
"ShowDesktopAsRun"=C:\Users\sweety\AppData\Roaming\StartMenu\desktop.scf [2014-12-29 81]
"apphide"=C:\Program Files (x86)\baidu\baidu.exe [2015-06-20 61440]
"HCDNClient"=C:\IQIYI Video\Common\QyKernel.exe -shell_start []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-08-16 5264016]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2012-08-23 366720]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-28 91432]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [2012-08-28 3417984]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-07-07 5515496]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2014-01-30 442880]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-07-10 08:51:34 ----D---- C:\Program Files\trend micro
2015-07-08 11:15:29 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2015-07-08 11:14:40 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2015-07-08 11:14:39 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2015-07-08 11:14:39 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2015-07-08 11:14:38 ----D---- C:\ProgramData\Malwarebytes
2015-07-08 11:14:38 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-08 11:10:01 ----D---- C:\AdwCleaner
2015-07-08 10:15:57 ----D---- C:\FRST
2015-07-08 09:38:46 ----D---- C:\Program Files (x86)\trend micro
2015-07-08 09:38:41 ----D---- C:\rsit
2015-07-07 19:58:52 ----D---- C:\Users\sweety\AppData\Roaming\AVAST Software
2015-07-07 19:56:25 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2015-07-07 19:56:25 ----A---- C:\WINDOWS\system32\drivers\aswStm.sys
2015-07-07 19:56:25 ----A---- C:\WINDOWS\system32\drivers\aswsp.sys
2015-07-07 19:56:25 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2015-07-07 19:56:25 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2015-07-07 19:56:25 ----A---- C:\WINDOWS\system32\drivers\aswRdr2.sys
2015-07-07 19:56:25 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2015-07-07 19:56:25 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2015-07-07 19:56:23 ----A---- C:\WINDOWS\system32\aswBoot.exe
2015-07-07 19:56:05 ----A---- C:\WINDOWS\avastSS.scr
2015-07-07 19:54:49 ----D---- C:\Program Files\AVAST Software
2015-07-07 19:20:22 ----D---- C:\ProgramData\ESET
2015-07-07 19:20:22 ----D---- C:\Program Files\ESET
2015-07-02 20:46:56 ----D---- C:\ProgramData\LocalStorage
2015-07-02 20:41:52 ----D---- C:\Users\sweety\AppData\Roaming\ppslog
2015-07-02 18:50:04 ----A---- C:\WINDOWS\SYSWOW64\msftedit.dll
2015-07-02 18:50:03 ----A---- C:\WINDOWS\system32\msftedit.dll
2015-07-02 18:50:02 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2015-07-02 18:50:02 ----A---- C:\WINDOWS\system32\puiobj.dll
2015-07-02 18:50:02 ----A---- C:\WINDOWS\system32\localspl.dll
2015-07-02 18:50:01 ----A---- C:\WINDOWS\system32\compstui.dll
2015-07-02 18:49:59 ----A---- C:\WINDOWS\system32\rastapi.dll
2015-07-02 18:49:58 ----A---- C:\WINDOWS\SYSWOW64\rastapi.dll
2015-07-02 18:49:56 ----A---- C:\WINDOWS\SYSWOW64\rgb9rast.dll
2015-07-02 18:49:53 ----A---- C:\WINDOWS\SYSWOW64\UIAutomationCore.dll
2015-07-02 18:49:53 ----A---- C:\WINDOWS\system32\UIAutomationCore.dll
2015-07-02 18:49:50 ----A---- C:\WINDOWS\SYSWOW64\authz.dll
2015-07-02 18:49:50 ----A---- C:\WINDOWS\system32\authz.dll
2015-07-02 18:49:48 ----AC---- C:\WINDOWS\system32\drivers\USBXHCI.SYS
2015-07-02 18:49:47 ----A---- C:\WINDOWS\SYSWOW64\tquery.dll
2015-07-02 18:49:47 ----A---- C:\WINDOWS\SYSWOW64\mssrch.dll
2015-07-02 18:49:47 ----A---- C:\WINDOWS\system32\tquery.dll
2015-07-02 18:49:47 ----A---- C:\WINDOWS\system32\SearchIndexer.exe
2015-07-02 18:49:47 ----A---- C:\WINDOWS\system32\mssrch.dll
2015-07-02 18:49:47 ----A---- C:\WINDOWS\system32\mssph.dll
2015-07-02 18:49:46 ----A---- C:\WINDOWS\SYSWOW64\SearchProtocolHost.exe
2015-07-02 18:49:46 ----A---- C:\WINDOWS\SYSWOW64\SearchIndexer.exe
2015-07-02 18:49:46 ----A---- C:\WINDOWS\SYSWOW64\mssvp.dll
2015-07-02 18:49:46 ----A---- C:\WINDOWS\SYSWOW64\mssph.dll
2015-07-02 18:49:46 ----A---- C:\WINDOWS\system32\SearchProtocolHost.exe
2015-07-02 18:49:46 ----A---- C:\WINDOWS\system32\mssvp.dll
2015-07-02 18:49:46 ----A---- C:\WINDOWS\system32\mssphtb.dll
2015-07-02 18:49:45 ----A---- C:\WINDOWS\system32\UtcResources.dll
2015-07-02 18:49:45 ----A---- C:\WINDOWS\system32\diagtrack.dll
2015-07-02 16:14:07 ----D---- C:\Program Files (x86)\49db72e9-803a-4bde-bd30-595c8b753e55
2015-07-02 16:03:38 ----D---- C:\Users\sweety\AppData\Roaming\Opera Software
2015-07-02 16:01:51 ----D---- C:\Program Files (x86)\baidu
2015-07-02 16:00:18 ----D---- C:\Program Files (x86)\Seznam.cz
2015-07-02 15:59:24 ----D---- C:\Program Files (x86)\Opera
2015-07-02 15:57:55 ----D---- C:\Users\sweety\AppData\Roaming\Seznam.cz
2015-07-02 15:47:27 ----D---- C:\ProgramData\17679231924039402068
2015-06-30 20:47:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-06-30 20:28:05 ----A---- C:\WINDOWS\SYSWOW64\comctl32.dll
2015-06-30 20:28:05 ----A---- C:\WINDOWS\system32\comctl32.dll
2015-06-30 20:27:15 ----A---- C:\WINDOWS\system32\mshtml.dll
2015-06-30 20:27:03 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2015-06-30 20:26:56 ----A---- C:\WINDOWS\system32\jscript9.dll
2015-06-30 20:26:55 ----A---- C:\WINDOWS\system32\wininet.dll
2015-06-30 20:26:53 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2015-06-30 20:26:50 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2015-06-30 20:26:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2015-06-30 20:26:45 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2015-06-30 20:26:43 ----A---- C:\WINDOWS\system32\iertutil.dll
2015-06-30 20:26:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2015-06-30 20:26:39 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2015-06-30 20:26:38 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2015-06-30 20:26:38 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2015-06-30 20:26:35 ----A---- C:\WINDOWS\system32\actxprxy.dll
2015-06-30 20:26:32 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2015-06-30 20:26:32 ----A---- C:\WINDOWS\system32\vbscript.dll
2015-06-30 20:26:30 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2015-06-30 20:26:29 ----A---- C:\WINDOWS\system32\msfeeds.dll
2015-06-30 20:26:28 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2015-06-30 20:26:28 ----A---- C:\WINDOWS\system32\jscript.dll
2015-06-30 20:26:25 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2015-06-30 20:26:25 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2015-06-30 20:26:24 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2015-06-30 20:26:18 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2015-06-30 20:26:16 ----A---- C:\WINDOWS\system32\dxtrans.dll
2015-06-30 20:26:15 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2015-06-30 20:26:15 ----A---- C:\WINDOWS\system32\webcheck.dll
2015-06-30 20:26:11 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2015-06-30 20:26:10 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2015-06-30 20:26:10 ----A---- C:\WINDOWS\system32\mshtmled.dll
2015-06-30 20:26:09 ----A---- C:\WINDOWS\system32\iepeers.dll
2015-06-30 20:26:08 ----A---- C:\WINDOWS\system32\ieui.dll
2015-06-30 20:26:07 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2015-06-30 20:26:06 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2015-06-30 20:26:04 ----A---- C:\WINDOWS\system32\inetcomm.dll
2015-06-30 20:26:03 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2015-06-30 20:23:49 ----A---- C:\WINDOWS\system32\win32k.sys
2015-06-30 20:00:13 ----SD---- C:\WINDOWS\SYSWOW64\Microsoft

======List of files/folders modified in the last 1 month======

2015-07-10 08:51:52 ----D---- C:\WINDOWS\Prefetch
2015-07-10 08:51:34 ----RD---- C:\Program Files
2015-07-10 08:50:01 ----D---- C:\WINDOWS\Temp
2015-07-10 08:35:44 ----D---- C:\WINDOWS\Microsoft.NET
2015-07-10 08:00:02 ----D---- C:\WINDOWS\system32\sru
2015-07-10 07:53:58 ----D---- C:\Users\sweety\AppData\Roaming\Skype
2015-07-09 18:37:50 ----D---- C:\WINDOWS\System32
2015-07-09 18:37:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-09 18:37:49 ----D---- C:\WINDOWS\Inf
2015-07-09 15:58:45 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2015-07-09 15:54:05 ----D---- C:\WINDOWS\system32\drivers
2015-07-09 15:12:14 ----D---- C:\WINDOWS\WinSxS
2015-07-09 15:12:14 ----D---- C:\WINDOWS\SysWOW64
2015-07-09 15:11:24 ----D---- C:\WINDOWS\CbsTemp
2015-07-09 15:10:59 ----D---- C:\WINDOWS\system32\config
2015-07-09 09:39:27 ----D---- C:\Program Files (x86)\AmIcoSingLun
2015-07-08 20:17:39 ----D---- C:\WINDOWS\system32\NDF
2015-07-08 18:01:06 ----SD---- C:\Users\sweety\AppData\Roaming\Microsoft
2015-07-08 11:25:10 ----RD---- C:\Program Files (x86)
2015-07-08 11:22:07 ----D---- C:\WINDOWS\Tasks
2015-07-08 11:22:07 ----D---- C:\WINDOWS\system32\Tasks
2015-07-08 11:21:59 ----D---- C:\Program Files\Common Files\System
2015-07-08 11:20:07 ----HD---- C:\ProgramData
2015-07-08 10:37:46 ----SHD---- C:\WINDOWS\Installer
2015-07-08 10:34:32 ----D---- C:\WINDOWS\system32\DriverStore
2015-07-08 10:28:22 ----D---- C:\Windows
2015-07-07 19:54:15 ----D---- C:\ProgramData\AVAST Software
2015-07-07 19:48:59 ----SHD---- C:\System Volume Information
2015-07-07 19:44:30 ----RSD---- C:\WINDOWS\assembly
2015-07-06 23:24:13 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2015-07-06 14:48:09 ----D---- C:\WINDOWS\system32\catroot2
2015-07-06 00:11:54 ----D---- C:\WINDOWS\AppReadiness
2015-07-06 00:11:53 ----HD---- C:\Program Files\WindowsApps
2015-07-05 12:08:23 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2015-07-02 20:28:46 ----RD---- C:\WINDOWS\ToastData
2015-07-02 20:14:21 ----D---- C:\WINDOWS\system32\MRT
2015-07-02 20:07:09 ----A---- C:\WINDOWS\system32\MRT.exe
2015-07-02 19:49:23 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-02 19:24:18 ----HD---- C:\WINDOWS\system32\GroupPolicy
2015-07-02 19:14:47 ----D---- C:\Program Files (x86)\Adobe
2015-07-02 18:24:25 ----A---- C:\WINDOWS\win.ini
2015-07-02 18:18:49 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2015-07-02 16:25:45 ----SHD---- C:\$Recycle.Bin
2015-07-02 16:24:35 ----RSD---- C:\WINDOWS\Fonts
2015-07-02 15:53:49 ----SD---- C:\ProgramData\Microsoft
2015-07-01 19:27:14 ----D---- C:\WINDOWS\rescache
2015-06-30 21:15:00 ----D---- C:\Program Files (x86)\Internet Explorer
2015-06-30 21:14:59 ----D---- C:\Program Files\Internet Explorer
2015-06-30 21:14:58 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2015-06-30 21:14:53 ----D---- C:\WINDOWS\system32\cs-CZ
2015-06-30 21:14:53 ----D---- C:\WINDOWS\PolicyDefinitions
2015-06-29 11:36:43 ----D---- C:\Program Files\Microsoft Office 15
2015-06-29 09:13:22 ----D---- C:\WINDOWS\system32\wbem
2015-06-29 09:11:11 ----SD---- C:\WINDOWS\system32\CompatTel
2015-06-29 09:11:11 ----RSD---- C:\WINDOWS\Media
2015-06-29 09:11:11 ----D---- C:\ProgramData\P4G
2015-06-29 09:11:10 ----D---- C:\WINDOWS\SYSWOW64\wbem
2015-06-29 09:11:10 ----D---- C:\WINDOWS\SYSWOW64\migration
2015-06-29 09:11:09 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2015-06-29 09:11:09 ----D---- C:\WINDOWS\system32\migration
2015-06-29 09:11:09 ----D---- C:\WINDOWS\system32\drivers\UMDF
2015-06-29 09:11:09 ----D---- C:\WINDOWS\apppatch
2015-06-29 09:10:44 ----SD---- C:\WINDOWS\system32\GWX
2015-06-29 09:10:36 ----D---- C:\WINDOWS\system32\CodeIntegrity
2015-06-29 09:10:35 ----D---- C:\WINDOWS\servicing
2015-06-29 09:10:25 ----D---- C:\ProgramData\Skype
2015-06-29 09:10:09 ----D---- C:\Program Files\Common Files\microsoft shared
2015-06-29 09:10:06 ----RD---- C:\Program Files (x86)\Skype
2015-06-29 09:10:05 ----D---- C:\Program Files (x86)\Common Files
2015-06-29 08:53:17 ----D---- C:\WINDOWS\registration
2015-06-29 08:50:19 ----D---- C:\WINDOWS\system32\Sysprep
2015-06-29 08:02:07 ----D---- C:\WINDOWS\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-07-07 65736]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-07-07 272248]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-24 645952]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2015-07-07 93528]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2015-07-07 1047320]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2015-07-07 442264]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-07-07 29168]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-07-07 89944]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2015-07-07 137288]
R2 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2012-07-24 17152]
R3 AthBTPort;@oem6.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\WINDOWS\system32\DRIVERS\btath_flt.sys [2012-08-10 88728]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athw8x.sys [2013-06-18 3680256]
R3 ATP;@oem22.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\WINDOWS\System32\drivers\AsusTP.sys [2013-04-16 65784]
R3 BTATH_A2DP;@oem5.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\WINDOWS\system32\drivers\btath_a2dp.sys [2012-08-10 344216]
R3 btath_avdt;@oem5.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\WINDOWS\system32\drivers\btath_avdt.sys [2012-08-10 114840]
R3 BTATH_BUS;@oem23.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\WINDOWS\System32\drivers\btath_bus.sys [2012-08-10 33944]
R3 BTATH_HCRP;@oem8.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\WINDOWS\System32\drivers\btath_hcrp.sys [2012-08-10 178840]
R3 BTATH_LWFLT;@oem9.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [2012-08-10 76952]
R3 BTATH_RCP;@oem11.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\WINDOWS\System32\drivers\btath_rcp.sys [2012-08-10 135832]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-01-28 593000]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-09-24 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2014-09-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 HIDSwitch;@oem15.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2012-05-31 21152]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-01-30 5363200]
R3 IntcDAud;@oem19.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 kbfiltr;@oem14.inf,%kbfiltr.SvcDesc%;Keyboard Filter; C:\WINDOWS\System32\drivers\kbfiltr.sys [2012-08-02 14992]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\WINDOWS\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2015-06-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2015-07-10 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2015-06-18 64216]
R3 MEIx64;@oem20.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 VIAHdAudAddService;@oem21.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2012-08-14 2206352]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-10-29 1198080]
S3 nmwcd;@oem26.inf,%MFG% %SVC%;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;@oem30.inf,%MFG% %SVC%;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-22 33280]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-12 82112]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2012-07-23 105120]
R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-04-13 277120]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2012-08-10 211584]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-07-07 343336]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2015-04-07 2736824]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-05-27 2139328]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R2 VIAKaraokeService;@oem21.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service; C:\WINDOWS\system32\viakaraokesrv.exe [2012-08-14 27792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09 107848]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-01-30 279000]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-09 107848]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-06-30 148080]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-12-13 150600]

-----------------EOF-----------------


Here is one log, but the other one, exactly as you write, is being blocked for me. I even turned the antivirus off, but it says Chrome has blocked the page and I cannot get to it :-(

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Keylogger?

#15 Post by Márty84 »

So run just FRST on its own, the same way as at the beginning.
If you have a question that is not intended for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Locked