Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Neodstranitelný malware

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Lemmy11
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 25 črc 2015 12:54

Neodstranitelný malware

#1 Příspěvek od Lemmy11 »

Dobrý den,

potřebuji pomoc s havětí, co se mi dostala do PC. Malwarebytes detekuje několik hrozeb, ale při pokusu o jejich odstranění spadne. Po restartování programu smazat jdou, ale při dalším skenu se objeví znovu.

Prosím o radu, pokud je možné něco vyčíst z logu.


Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-07-25 13:40:40
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 392 GB (55%) free of 715 GB
Total RAM: 8073 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:40:46, on 25.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\vcpackages\VCPkgSrv.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - (no file)
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\RunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\8f935949-d39b-4067-89ff-753604bb75cd.exe /check
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EPSON680352 (Epson Stylus SX525WD)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_SBA32.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX525WD Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S2A81.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AccelerometerSysTrayApplet] "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe"
O4 - HKCU\..\Run: [EPSON SX525WD Series (kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S72B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [f.lux] "C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-3068799367-1245275925-3185582627-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart (User '?')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'MSSQL$SQLEXPRESS')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'MSSQL$SQLEXPRESS')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3095CDBF-813B-498F-9934-1FD9DBD3F01A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E6A6E78-D9FD-4E4A-AB36-41ECD558E531}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility Service (XTU3SERVICE) - Intel(R) Corporation - C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe

--
End of file - 16671 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
atieclxx
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE"
C:\Windows\system32\hasplms.exe -run
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\SysWOW64\lkads.exe
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user
"C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe"
C:\Windows\System32\alg.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\System32\svchost.exe -k secsvcs
ngservice.exe pipeserver
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-04ae0736-160a-461f-8b94-9f5a42f5de71 -SystemEventPortName:HostProcess-1b235e8e-7b0a-48ab-9fb5-983408e2f8f4 -IoCancelEventPortName:HostProcess-08b50ac0-b531-4484-9b90-ec969ffc196d -NonStateChangingEventPortName:HostProcess-6e746ae8-2500-4516-8c94-7c23cc31007c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1949c692-d6d5-4a1d-809b-6f8584abe55a -DeviceGroupId:
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe"
"C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
C:\Windows\servicing\TrustedInstaller.exe
"taskhost.exe"
"C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe"
"C:\Windows\system32\notepad.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
WicaInventory.exe /apps /fast /ext "exe,sys" /output "C:\Windows\TEMP\CompatTelemetryLogs\WICA_Programs_PETR-PC.xml" /log "C:\Windows\TEMP\CompatTelemetryLogs" "C:\Windows\system32\CompatTel"
\??\C:\Windows\system32\conhost.exe "-1903079765556336744-525625329247175993-697556789-1557572106373933234-379094231
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
explorer.exe
-s {7374B5CA-3A8D-408F-B321-23CC360E20D9} -p 8976

"C:\Users\Petr\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000Core.job - C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000UA.job - C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForPetr.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForPetr (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.domovska-stranka.cz/megasmrt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.80.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nplv2010win32.dll
nplv2011win32.dll
nppdf32.dll

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\extensions\
donottrackplus@abine.com
r2d2b2g@mozilla.org
{56B7AD5C-9854-11E0-908B-34214824019B}

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\searchplugins\
vyhledvn-vide-ve-slub-youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-07 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-13 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-07 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26 74888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-13 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-05 3056880]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-26 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-26 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-26 439064]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-11-12 1664000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2015-06-20 22012688]
"EPSON680352 (Epson Stylus SX525WD)"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"EPSON SX525WD Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"AccelerometerSysTrayApplet"=C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [2013-06-11 75584]
"EPSON SX525WD Series (kopie 1)"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"f.lux"=C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-24 1017224]
"Sidebar"=C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21 1174016]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 134512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ext2 Volume Manager]
C:\Program Files\Ext2Fsd\Ext2Mgr.exe [2014-08-26 1217176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater]
c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [2015-07-15 21304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Update Service]
C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2011-11-02 3004512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WindowsIoTCoreWatcher.lnk]
C:\PROGRA~2\MI28D0~1\WINDOW~1.EXE [2015-06-19 399336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-06-26 43871968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk]
C:\PROGRA~1\Serviio\bin\SERVII~3.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-06-17 288312]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-10-24 290688]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-09-12 334240]
""= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-06-13 5515496]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-29 636032]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"20150107"=C:\Program Files\AVAST Software\Avast\setup\emupdate\8f935949-d39b-4067-89ff-753604bb75cd.exe [2015-07-24 183232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\System32\igfxdev.dll [2012-03-26 434688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2015-07-25 13:11:37 ----D---- C:\Program Files\trend micro
2015-07-25 13:11:35 ----D---- C:\rsit
2015-07-18 08:58:11 ----SHD---- C:\Config.Msi
2015-07-17 17:13:07 ----D---- C:\Program Files (x86)\Paragon Software
2015-07-17 17:07:44 ----A---- C:\Windows\system32\drivers\ext2fsd.sys
2015-07-17 17:07:43 ----D---- C:\Program Files\Ext2Fsd
2015-07-17 15:09:40 ----D---- C:\Program Files (x86)\Microsoft IoT
2015-07-17 15:08:20 ----D---- C:\Program Files (x86)\DiskInternals
2015-07-13 14:34:46 ----A---- C:\test7.txt
2015-07-10 09:38:13 ----A---- C:\test6.txt
2015-07-09 09:42:44 ----A---- C:\test5.txt
2015-07-09 09:39:32 ----A---- C:\test4.txt
2015-07-09 09:32:29 ----A---- C:\test3.txt
2015-07-08 21:49:33 ----A---- C:\test2.txt
2015-07-08 21:17:37 ----A---- C:\test.txt
2015-07-08 19:40:49 ----D---- C:\Program Files (x86)\FreeCommander XE
2015-07-07 22:44:15 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-07 22:44:13 ----SD---- C:\Windows\system32\GWX
2015-07-07 22:08:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-07-07 21:03:13 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 21:03:13 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 21:00:42 ----D---- C:\Program Files\Microsoft Silverlight
2015-07-07 21:00:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-07-07 20:55:09 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-07-07 20:55:09 ----A---- C:\Windows\system32\blackbox.dll
2015-07-07 20:55:08 ----A---- C:\Windows\system32\drmv2clt.dll
2015-07-07 20:55:07 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-07-07 20:55:01 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-07-07 20:55:00 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-07-07 20:55:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-07-07 20:54:57 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-07-07 20:54:56 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-07-07 20:54:56 ----A---- C:\Windows\system32\crypt32.dll
2015-07-07 20:54:55 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-07-07 20:54:55 ----A---- C:\Windows\system32\ci.dll
2015-07-07 20:54:54 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-07 20:54:54 ----A---- C:\Windows\system32\winload.exe
2015-07-07 20:54:54 ----A---- C:\Windows\system32\quartz.dll
2015-07-07 20:54:54 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-07 20:54:53 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-07 20:54:53 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-07 20:54:53 ----A---- C:\Windows\system32\wintrust.dll
2015-07-07 20:54:53 ----A---- C:\Windows\system32\winresume.exe
2015-07-07 20:54:53 ----A---- C:\Windows\system32\evr.dll
2015-07-07 20:54:52 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-07-07 20:54:52 ----A---- C:\Windows\system32\cryptui.dll
2015-07-07 20:54:49 ----A---- C:\Windows\system32\mfplat.dll
2015-07-07 20:54:48 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-07-07 20:54:47 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-07-07 20:54:47 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-07-07 20:54:47 ----A---- C:\Windows\system32\pcasvc.dll
2015-07-07 20:54:47 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-07-07 20:54:46 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-07-07 20:54:46 ----A---- C:\Windows\system32\cryptsp.dll
2015-07-07 20:54:45 ----A---- C:\Windows\system32\mf.dll
2015-07-07 20:54:44 ----A---- C:\Windows\system32\msscp.dll
2015-07-07 20:54:42 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-07-07 20:54:42 ----A---- C:\Windows\system32\msnetobj.dll
2015-07-07 20:54:42 ----A---- C:\Windows\system32\appidapi.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\rrinstaller.exe
2015-07-07 20:54:41 ----A---- C:\Windows\system32\qdvd.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\pcadm.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\drivers\appid.sys
2015-07-07 20:54:41 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\audiosrv.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AudioSes.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AudioEng.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\audiodg.exe
2015-07-07 20:54:41 ----A---- C:\Windows\system32\appidsvc.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcawrk.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcalua.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcaevts.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\msmmsp.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\mfps.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\mfpmp.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\EncDump.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-07-07 20:54:39 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-07-07 20:54:39 ----A---- C:\Windows\system32\mferror.dll
2015-07-07 20:53:48 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-07 20:53:48 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-07 20:53:48 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-07 20:53:48 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\iernonce.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-07 20:53:46 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\urlmon.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-07 20:53:45 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-07 20:53:44 ----A---- C:\Windows\system32\iesetup.dll
2015-07-07 20:53:44 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\vbscript.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-07 20:53:43 ----A---- C:\Windows\system32\iertutil.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\ieui.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\ieframe.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\wininet.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript9.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript.dll
2015-07-07 20:53:40 ----A---- C:\Windows\system32\msrating.dll
2015-07-07 20:53:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-07 20:53:39 ----A---- C:\Windows\system32\mshtml.dll
2015-07-07 20:53:02 ----A---- C:\Windows\system32\UtcResources.dll
2015-07-07 20:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-07-07 20:53:01 ----A---- C:\Windows\system32\diagtrack.dll
2015-07-07 20:53:00 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-07-07 20:53:00 ----A---- C:\Windows\system32\ntdll.dll
2015-07-07 20:53:00 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-07 20:52:59 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-07-07 20:52:59 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\schannel.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\kernel32.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\kerberos.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\tdh.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\KernelBase.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\wow64win.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\wow64.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\winsrv.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-07 20:52:57 ----A---- C:\Windows\system32\advapi32.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\adtschema.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\wdigest.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\srcore.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-07 20:52:56 ----A---- C:\Windows\system32\conhost.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\typeperf.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\tracerpt.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\sspicli.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\srclient.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\smss.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\sechost.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\rstrui.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\relog.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\lsass.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\logman.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\csrsrv.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\auditpol.exe
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\wow64cpu.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\secur32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\ntvdm64.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\msaudite.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\diskperf.exe
2015-07-07 20:52:54 ----A---- C:\Windows\system32\credssp.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-07 20:52:53 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-07-07 20:52:53 ----A---- C:\Windows\system32\apisetschema.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-07 20:52:52 ----A---- C:\Windows\SYSWOW64\user.exe
2015-07-07 20:52:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-07 20:52:52 ----A---- C:\Windows\system32\msobjs.dll
2015-07-07 20:52:05 ----A---- C:\Windows\system32\drivers\cng.sys
2015-07-07 20:50:19 ----A---- C:\Windows\system32\profsvc.dll
2015-07-07 20:50:15 ----A---- C:\Windows\system32\win32k.sys
2015-07-07 20:50:04 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-07-07 20:50:04 ----A---- C:\Windows\system32\poqexec.exe
2015-07-07 20:49:59 ----A---- C:\Windows\system32\generaltel.dll
2015-07-07 20:49:59 ----A---- C:\Windows\system32\devinv.dll
2015-07-07 20:49:59 ----A---- C:\Windows\system32\aitstatic.exe
2015-07-07 20:49:59 ----A---- C:\Windows\system32\acmigration.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\invagent.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\appraiser.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\aepic.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\aeinv.dll
2015-07-07 20:49:57 ----A---- C:\Windows\system32\aepdu.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-07 20:49:54 ----A---- C:\Windows\system32\wuapp.exe
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wups2.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wups.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wudriver.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wucltux.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuapi.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-07 20:49:30 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-07-07 20:49:30 ----A---- C:\Windows\system32\certcli.dll
2015-07-07 20:49:18 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-07-07 20:49:18 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-07-07 20:49:18 ----A---- C:\Windows\system32\msxml3r.dll
2015-07-07 20:49:18 ----A---- C:\Windows\system32\msxml3.dll
2015-07-07 20:49:14 ----A---- C:\Windows\system32\nlasvc.dll
2015-07-07 20:49:13 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-07-07 20:49:13 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-07-07 20:49:07 ----A---- C:\Windows\system32\wmp.dll
2015-07-07 20:49:03 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-07-07 20:49:01 ----A---- C:\Windows\system32\spwmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\system32\dxmasf.dll
2015-07-07 20:49:00 ----A---- C:\Windows\system32\wmploc.DLL
2015-07-07 20:48:56 ----A---- C:\Windows\system32\FntCache.dll
2015-07-07 20:48:56 ----A---- C:\Windows\system32\DWrite.dll
2015-07-07 20:48:55 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-07-07 20:48:53 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2015-07-07 20:48:53 ----A---- C:\Windows\system32\comctl32.dll
2015-07-07 20:48:47 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-07-07 20:48:47 ----A---- C:\Windows\system32\jnwmon.dll
2015-07-07 20:48:47 ----A---- C:\Windows\system32\InkEd.dll
2015-07-07 20:48:44 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-07-07 20:48:44 ----A---- C:\Windows\system32\msctf.dll
2015-07-07 20:48:41 ----A---- C:\Windows\system32\shell32.dll
2015-07-07 20:48:39 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-07-07 20:48:36 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-07-07 20:48:36 ----A---- C:\Windows\system32\ubpm.dll
2015-07-07 20:48:32 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-07 20:48:32 ----A---- C:\Windows\system32\drivers\http.sys
2015-07-07 20:48:32 ----A---- C:\Windows\system32\atmfd.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\lpk.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\fontsub.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\dciman32.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\atmlib.dll
2015-07-07 20:48:27 ----A---- C:\Windows\system32\mstscax.dll
2015-07-07 20:48:26 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2015-07-07 20:48:25 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2015-07-07 20:48:17 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-07-07 20:48:15 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-07-07 20:48:15 ----A---- C:\Windows\system32\wpdshext.dll
2015-07-07 20:48:13 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-07-07 20:47:56 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-07-07 20:47:56 ----A---- C:\Windows\system32\oleaut32.dll
2015-07-07 20:47:55 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-07 20:47:55 ----A---- C:\Windows\system32\gdi32.dll
2015-07-07 20:47:54 ----A---- C:\Windows\system32\services.exe
2015-07-07 20:47:54 ----A---- C:\Windows\system32\drivers\stream.sys
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\shimeng.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\sdbinst.exe
2015-07-07 20:37:46 ----A---- C:\Windows\system32\apphelp.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\aelupsvc.dll
2015-07-07 20:36:11 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-07-07 20:36:11 ----A---- C:\Windows\system32\clfsw32.dll
2015-07-07 20:36:11 ----A---- C:\Windows\system32\clfs.sys
2015-07-07 20:35:52 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-07-07 20:35:52 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-07-07 20:35:49 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-07-07 20:35:49 ----A---- C:\Windows\system32\scesrv.dll
2015-07-07 20:35:01 ----A---- C:\Windows\system32\javaws.exe
2015-07-07 20:34:47 ----A---- C:\Windows\system32\javaw.exe
2015-07-07 20:34:46 ----A---- C:\Windows\system32\java.exe
2015-07-07 20:32:28 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-07 20:28:29 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-07-07 20:28:29 ----A---- C:\Windows\system32\WMPhoto.dll
2015-07-02 18:03:42 ----N---- C:\Windows\difxapi.dll
2015-07-02 18:03:42 ----D---- C:\Program Files (x86)\VIA
2015-07-02 17:55:09 ----A---- C:\Windows\system32\drivers\ViaUsbAudio.sys

======List of files/folders modified in the last 1 month======

2015-07-25 13:39:34 ----D---- C:\Windows\Temp
2015-07-25 13:32:02 ----D---- C:\Windows\Prefetch
2015-07-25 13:11:37 ----D---- C:\Program Files
2015-07-25 09:23:05 ----D---- C:\Windows\system32\wdi
2015-07-23 11:29:40 ----D---- C:\Users\Petr\AppData\Roaming\XBMC
2015-07-23 10:17:22 ----SHD---- C:\System Volume Information
2015-07-20 11:37:58 ----D---- C:\Windows\system32\config
2015-07-19 18:22:20 ----D---- C:\tmp
2015-07-19 18:22:11 ----D---- C:\ProgramData\VMware
2015-07-19 18:20:45 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-07-19 18:12:21 ----A---- C:\Users\Petr\AppData\Roaming\Mouse Monitor_Counters.ini
2015-07-19 18:10:10 ----D---- C:\Windows\pss
2015-07-18 20:54:19 ----D---- C:\Windows\system32\NDF
2015-07-18 08:58:52 ----SHD---- C:\Windows\Installer
2015-07-17 20:17:38 ----D---- C:\Program Files (x86)\DOSBox-0.74
2015-07-17 17:13:15 ----D---- C:\Windows\system32\Tasks
2015-07-17 17:13:08 ----D---- C:\Windows\SysWOW64
2015-07-17 17:13:08 ----D---- C:\Windows\system32\drivers
2015-07-17 17:13:07 ----RD---- C:\Program Files (x86)
2015-07-17 15:07:13 ----D---- C:\Users\Petr\AppData\Roaming\DAEMON Tools Lite
2015-07-17 15:06:05 ----D---- C:\Windows\System32
2015-07-17 15:06:05 ----D---- C:\Windows\inf
2015-07-17 15:06:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-07-17 13:56:51 ----HD---- C:\ProgramData
2015-07-17 13:33:59 ----D---- C:\Users\Petr\AppData\Roaming\VMware
2015-07-17 13:12:27 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2015-07-16 22:23:47 ----D---- C:\Windows\Tasks
2015-07-16 22:23:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-16 07:51:03 ----D---- C:\Users\Petr\AppData\Roaming\foobar2000
2015-07-15 10:33:14 ----D---- C:\Program Files\WhoCrashed
2015-07-15 10:26:55 ----D---- C:\Windows\Minidump
2015-07-15 10:26:28 ----AD---- C:\Windows
2015-07-14 22:48:55 ----D---- C:\Program Files (x86)\Opera
2015-07-14 21:21:19 ----D---- C:\Windows\rescache
2015-07-14 08:43:21 ----HD---- C:\_acestream_cache_
2015-07-11 19:11:06 ----D---- C:\Users\Petr\AppData\Roaming\Dropbox
2015-07-10 18:10:15 ----D---- C:\Windows\Microsoft.NET
2015-07-10 17:08:29 ----RSD---- C:\Windows\assembly
2015-07-10 13:35:31 ----D---- C:\ProgramData\Compuplast
2015-07-09 15:59:35 ----D---- C:\Users\Petr\AppData\Roaming\MB-Ruler
2015-07-09 11:07:09 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-09 11:05:57 ----D---- C:\Windows\LiveKernelReports
2015-07-08 12:36:00 ----D---- C:\Users\Petr\AppData\Roaming\vlc
2015-07-08 12:16:59 ----D---- C:\Windows\AppCompat
2015-07-07 22:56:52 ----D---- C:\Windows\winsxs
2015-07-07 22:56:17 ----D---- C:\Windows\Logs
2015-07-07 22:55:30 ----D---- C:\Windows\system32\catroot2
2015-07-07 22:45:25 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-07 22:45:25 ----D---- C:\Windows\system32\cs-CZ
2015-07-07 22:45:21 ----D---- C:\Program Files\Windows Media Player
2015-07-07 22:45:21 ----D---- C:\Program Files (x86)\Windows Media Player
2015-07-07 22:45:19 ----SD---- C:\Windows\system32\CompatTel
2015-07-07 22:45:17 ----D---- C:\Windows\system32\wbem
2015-07-07 22:45:17 ----D---- C:\Windows\system32\appraiser
2015-07-07 22:45:17 ----D---- C:\Windows\AppPatch
2015-07-07 22:44:51 ----D---- C:\Windows\SYSWOW64\Dism
2015-07-07 22:44:47 ----D---- C:\Windows\system32\Dism
2015-07-07 22:44:46 ----D---- C:\Windows\system32\en-US
2015-07-07 22:44:39 ----D---- C:\Windows\system32\CodeIntegrity
2015-07-07 22:44:39 ----D---- C:\Windows\system32\Boot
2015-07-07 22:44:38 ----D---- C:\Program Files\Windows Journal
2015-07-07 22:44:34 ----D---- C:\Windows\system32\AdvancedInstallers
2015-07-07 22:44:05 ----D---- C:\Program Files\Internet Explorer
2015-07-07 22:44:02 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-07 22:44:00 ----D---- C:\Windows\PolicyDefinitions
2015-07-07 22:43:54 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-07 22:43:29 ----D---- C:\Windows\system32\DriverStore
2015-07-07 22:43:28 ----D---- C:\Windows\system32\drivers\UMDF
2015-07-07 21:36:56 ----D---- C:\Windows\system32\catroot
2015-07-07 21:31:27 ----D---- C:\Program Files\SharePoint Client Components
2015-07-07 21:28:53 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-07-07 21:18:18 ----D---- C:\Windows\system32\MRT
2015-07-07 21:08:29 ----D---- C:\Windows\debug
2015-07-07 20:29:32 ----D---- C:\Users\Petr\AppData\Roaming\inkscape
2015-07-07 20:29:32 ----D---- C:\Program Files (x86)\Steam
2015-07-07 20:26:20 ----D---- C:\Windows\Panther
2015-07-07 10:42:17 ----D---- C:\MosaicApp
2015-07-07 10:42:07 ----D---- C:\MosaicLib
2015-07-07 10:41:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-07-07 10:39:36 ----A---- C:\Windows\wininit.ini
2015-07-07 10:38:37 ----D---- C:\Windows\SYSWOW64\drivers
2015-07-07 10:37:56 ----D---- C:\Windows\system32\appmgmt
2015-07-07 10:36:46 ----D---- C:\Program Files (x86)\Exact Audio Copy
2015-07-04 15:57:02 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 32896]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-06-13 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-06-13 272248]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-09-07 31040]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-10-16 20024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 21184]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-05-04 386680]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-06-13 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-06-13 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-06-28 442264]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-17 283064]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2013-08-01 91784]
R2 aksfridge;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2013-08-01 140736]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-06-13 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-06-13 89944]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-06-13 137288]
R2 Dokan;Dokan; \??\C:\Windows\system32\drivers\dokan.sys [2014-11-25 57552]
R2 Ext2Fsd;Ext2 File System; \??\C:\Windows\system32\Drivers\Ext2Fsd.sys [2015-06-09 787576]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2013-08-01 331328]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2013-08-26 53816]
R2 iocbios2;iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2014-06-17 28912]
R2 ParagonLDM;ParagonLDM; \??\C:\Windows\system32\drivers\biont_bs.sys [2014-04-11 19208]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-06-13 273824]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-09-07 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-29 10859008]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-03-29 328704]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-06-20 331264]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-03-26 14748416]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-10-16 358456]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-10-16 791608]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2013-11-05 176880]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-07-25 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-06-16 125952]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176]
R3 rtbth;RTBTH Bluetooth Device Driver; C:\Windows\system32\DRIVERS\rtbth.sys [2012-10-02 692832]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-12 708200]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-11-12 543744]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-11-05 495856]
S2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2013-08-01 60488]
S3 akshhl;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2013-08-01 63944]
S3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2013-08-01 303624]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-10-02 48608]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-07-27 16088]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-04-16 27760]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-07-27 30424]
S3 GPU-Z;GPU-Z; \??\C:\Users\Petr\AppData\Local\Temp\GPU-Z.sys []
S3 hwdatacard;ZD DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ZDDriver.sys [2010-01-20 122496]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-26 14748416]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0; C:\Windows\system32\DRIVERS\libusb0.sys [2011-05-28 44480]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-01-10 32496]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-11-28 1866080]
S3 SPBIUpdd;ShopperPro UpdateD; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 UsbAudio10;Audio-gd USB Device Driver(AVSTREAM); C:\Windows\system32\drivers\ViaUsbAudio.sys [2015-01-21 110896]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S4 RsFx0201;RsFx0201 Driver; C:\Windows\system32\DRIVERS\RsFx0201.sys [2012-10-20 336880]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-03-29 235520]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-06-13 343336]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-26 1612552]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DokanMounter;DokanMounter; C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [2014-11-25 21200]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
R2 hasplms;Sentinel LDK License Manager; C:\Windows\system32\hasplms.exe [2013-08-01 4609928]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2015-05-19 99128]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-09-12 523680]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2012-09-07 33600]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2010-10-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2011-06-14 46192]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2011-06-14 56952]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2014-07-23 192160]
R2 NIApplicationWebServer;NI Application Web Server; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2011-06-14 362104]
R2 nimDNSResponder;National Instruments mDNS Responder Service; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
R2 niSvcLoc;NI System Web Server; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2011-05-27 50328]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-10-20 130024]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-11-12 327680]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-06-13 4034896]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-19 146184]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-09-06 1001376]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-02-01 160256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-26 276248]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2013-08-22 142336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-07-07 148136]
S3 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2010-08-02 1427688]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit); C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-07-23 613024]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2012-02-11 269912]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119675
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Neodstranitelný malware

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Lemmy11
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 25 črc 2015 12:54

Re: Neodstranitelný malware

#3 Příspěvek od Lemmy11 »

# AdwCleaner v4.208 - Log vytvořen 25/07/2015 v 20:09:26
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-09.2 [Local]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Petr - PETR-PC
# Spuštěno z : C:\Users\Petr\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : SPBIUpdd

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\Users\Public\Documents\YTAHelper
Složka Smazáno : C:\Users\Petr\AppData\Roaming\download Manager
Soubor Smazáno : C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\user.js

***** [ Naplánované úlohy ] *****

Úloha Smazáno : ShopperPro
Úloha Smazáno : ShopperProJSUpd
Úloha Smazáno : SPDriver

***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Klíč Smazáno : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Klíč Smazáno : HKCU\Software\BI
Klíč Smazáno : HKCU\Software\Conduit
Klíč Smazáno : HKCU\Software\Goobzo
Klíč Smazáno : HKCU\Software\Softonic
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKU\.DEFAULT\Software\Goobzo
Klíč Smazáno : [x64] HKLM\SOFTWARE\Description
Klíč Smazáno : [x64] HKLM\SOFTWARE\ShopperPro

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 cs)


-\\ Google Chrome v43.0.2357.134

[C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Smazáno [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3321897&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0093C800-B819-425B-B91C-56A0BE4BB9D6&q={searchTerms}&SSPV=

-\\ Opera v30.0.1835.125


*************************

AdwCleaner[R0].txt - [2618 bytů] - [25/07/2015 20:06:58]
AdwCleaner[S0].txt - [2340 bytů] - [25/07/2015 20:09:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2398 bytů] ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119675
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Neodstranitelný malware

#4 Příspěvek od Rudy »

Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Lemmy11
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 25 črc 2015 12:54

Re: Neodstranitelný malware

#5 Příspěvek od Lemmy11 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-07-25 21:19:02
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 392 GB (55%) free of 715 GB
Total RAM: 8073 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:04, on 25.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - (no file)
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EPSON680352 (Epson Stylus SX525WD)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_SBA32.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX525WD Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S2A81.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AccelerometerSysTrayApplet] "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe"
O4 - HKCU\..\Run: [EPSON SX525WD Series (kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S72B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [f.lux] "C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'MSSQL$SQLEXPRESS')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'MSSQL$SQLEXPRESS')
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3095CDBF-813B-498F-9934-1FD9DBD3F01A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E6A6E78-D9FD-4E4A-AB36-41ECD558E531}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility Service (XTU3SERVICE) - Intel(R) Corporation - C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe

--
End of file - 14839 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE"
C:\Windows\system32\hasplms.exe -run
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\SysWOW64\lkads.exe
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user
"C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\System32\alg.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-82744b32-8a1f-46fc-affb-5fe342cfca52 -SystemEventPortName:HostProcess-367d7a58-a3ce-453e-a792-8c2a57d84324 -IoCancelEventPortName:HostProcess-861020c3-2920-45bb-9943-000f83960208 -NonStateChangingEventPortName:HostProcess-768729e0-6568-4438-ad78-7faf5d508922 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:7126ba78-74d8-4f8a-a349-3498279209dc -DeviceGroupId:
ngservice.exe pipeserver
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe"
"C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-59db493e-0be1-4010-bc19-d2c4b638c27c -SystemEventPortName:HostProcess-3008bf05-9de7-4543-b851-81d0e6ab2d48 -IoCancelEventPortName:HostProcess-32ea128c-bfb3-443d-8634-6bee6e182818 -NonStateChangingEventPortName:HostProcess-75137d4d-d9eb-42a6-9c01-f7e3f2c85fb4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6ed42668-c568-4c8b-8f5d-ec6c62bd8fce -DeviceGroupId:

C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Petr\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000Core.job - C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000UA.job - C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForPetr.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForPetr (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.domovska-stranka.cz/megasmrt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.80.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nplv2010win32.dll
nplv2011win32.dll
nppdf32.dll

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\extensions\
donottrackplus@abine.com
r2d2b2g@mozilla.org
{56B7AD5C-9854-11E0-908B-34214824019B}

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\searchplugins\
vyhledvn-vide-ve-slub-youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-07 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-13 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-07 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26 74888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-13 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-05 3056880]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-26 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-26 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-26 439064]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-11-12 1664000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2015-06-20 22012688]
"EPSON680352 (Epson Stylus SX525WD)"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"EPSON SX525WD Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"AccelerometerSysTrayApplet"=C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [2013-06-11 75584]
"EPSON SX525WD Series (kopie 1)"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"f.lux"=C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-24 1017224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 134512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ext2 Volume Manager]
C:\Program Files\Ext2Fsd\Ext2Mgr.exe [2014-08-26 1217176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater]
c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [2015-07-15 21304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Update Service]
C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2011-11-02 3004512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WindowsIoTCoreWatcher.lnk]
C:\PROGRA~2\MI28D0~1\WINDOW~1.EXE [2015-06-19 399336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-06-26 43871968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk]
C:\PROGRA~1\Serviio\bin\SERVII~3.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-06-17 288312]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-10-24 290688]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-09-12 334240]
""= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-06-13 5515496]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-29 636032]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\System32\igfxdev.dll [2012-03-26 434688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2015-07-25 20:06:53 ----D---- C:\AdwCleaner
2015-07-25 13:11:37 ----D---- C:\Program Files\trend micro
2015-07-25 13:11:35 ----D---- C:\rsit
2015-07-18 08:58:11 ----SHD---- C:\Config.Msi
2015-07-17 17:13:07 ----D---- C:\Program Files (x86)\Paragon Software
2015-07-17 17:07:44 ----A---- C:\Windows\system32\drivers\ext2fsd.sys
2015-07-17 17:07:43 ----D---- C:\Program Files\Ext2Fsd
2015-07-17 15:09:40 ----D---- C:\Program Files (x86)\Microsoft IoT
2015-07-17 15:08:20 ----D---- C:\Program Files (x86)\DiskInternals
2015-07-13 14:34:46 ----A---- C:\test7.txt
2015-07-10 09:38:13 ----A---- C:\test6.txt
2015-07-09 09:42:44 ----A---- C:\test5.txt
2015-07-09 09:39:32 ----A---- C:\test4.txt
2015-07-09 09:32:29 ----A---- C:\test3.txt
2015-07-08 21:49:33 ----A---- C:\test2.txt
2015-07-08 21:17:37 ----A---- C:\test.txt
2015-07-08 19:40:49 ----D---- C:\Program Files (x86)\FreeCommander XE
2015-07-07 22:44:15 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-07 22:44:13 ----SD---- C:\Windows\system32\GWX
2015-07-07 22:08:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-07-07 21:03:13 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 21:03:13 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 21:00:42 ----D---- C:\Program Files\Microsoft Silverlight
2015-07-07 21:00:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-07-07 20:55:09 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-07-07 20:55:09 ----A---- C:\Windows\system32\blackbox.dll
2015-07-07 20:55:08 ----A---- C:\Windows\system32\drmv2clt.dll
2015-07-07 20:55:07 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-07-07 20:55:01 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-07-07 20:55:00 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-07-07 20:55:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-07-07 20:54:57 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-07-07 20:54:56 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-07-07 20:54:56 ----A---- C:\Windows\system32\crypt32.dll
2015-07-07 20:54:55 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-07-07 20:54:55 ----A---- C:\Windows\system32\ci.dll
2015-07-07 20:54:54 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-07 20:54:54 ----A---- C:\Windows\system32\winload.exe
2015-07-07 20:54:54 ----A---- C:\Windows\system32\quartz.dll
2015-07-07 20:54:54 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-07 20:54:53 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-07 20:54:53 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-07 20:54:53 ----A---- C:\Windows\system32\wintrust.dll
2015-07-07 20:54:53 ----A---- C:\Windows\system32\winresume.exe
2015-07-07 20:54:53 ----A---- C:\Windows\system32\evr.dll
2015-07-07 20:54:52 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-07-07 20:54:52 ----A---- C:\Windows\system32\cryptui.dll
2015-07-07 20:54:49 ----A---- C:\Windows\system32\mfplat.dll
2015-07-07 20:54:48 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-07-07 20:54:47 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-07-07 20:54:47 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-07-07 20:54:47 ----A---- C:\Windows\system32\pcasvc.dll
2015-07-07 20:54:47 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-07-07 20:54:46 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-07-07 20:54:46 ----A---- C:\Windows\system32\cryptsp.dll
2015-07-07 20:54:45 ----A---- C:\Windows\system32\mf.dll
2015-07-07 20:54:44 ----A---- C:\Windows\system32\msscp.dll
2015-07-07 20:54:42 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-07-07 20:54:42 ----A---- C:\Windows\system32\msnetobj.dll
2015-07-07 20:54:42 ----A---- C:\Windows\system32\appidapi.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\rrinstaller.exe
2015-07-07 20:54:41 ----A---- C:\Windows\system32\qdvd.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\pcadm.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\drivers\appid.sys
2015-07-07 20:54:41 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\audiosrv.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AudioSes.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AudioEng.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\audiodg.exe
2015-07-07 20:54:41 ----A---- C:\Windows\system32\appidsvc.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcawrk.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcalua.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcaevts.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\msmmsp.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\mfps.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\mfpmp.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\EncDump.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-07-07 20:54:39 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-07-07 20:54:39 ----A---- C:\Windows\system32\mferror.dll
2015-07-07 20:53:48 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-07 20:53:48 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-07 20:53:48 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-07 20:53:48 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\iernonce.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-07 20:53:46 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\urlmon.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-07 20:53:45 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-07 20:53:44 ----A---- C:\Windows\system32\iesetup.dll
2015-07-07 20:53:44 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\vbscript.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-07 20:53:43 ----A---- C:\Windows\system32\iertutil.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\ieui.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\ieframe.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\wininet.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript9.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript.dll
2015-07-07 20:53:40 ----A---- C:\Windows\system32\msrating.dll
2015-07-07 20:53:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-07 20:53:39 ----A---- C:\Windows\system32\mshtml.dll
2015-07-07 20:53:02 ----A---- C:\Windows\system32\UtcResources.dll
2015-07-07 20:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-07-07 20:53:01 ----A---- C:\Windows\system32\diagtrack.dll
2015-07-07 20:53:00 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-07-07 20:53:00 ----A---- C:\Windows\system32\ntdll.dll
2015-07-07 20:53:00 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-07 20:52:59 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-07-07 20:52:59 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\schannel.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\kernel32.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\kerberos.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\tdh.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\KernelBase.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\wow64win.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\wow64.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\winsrv.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-07 20:52:57 ----A---- C:\Windows\system32\advapi32.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\adtschema.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\wdigest.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\srcore.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-07 20:52:56 ----A---- C:\Windows\system32\conhost.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\typeperf.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\tracerpt.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\sspicli.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\srclient.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\smss.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\sechost.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\rstrui.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\relog.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\lsass.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\logman.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\csrsrv.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\auditpol.exe
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\wow64cpu.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\secur32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\ntvdm64.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\msaudite.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\diskperf.exe
2015-07-07 20:52:54 ----A---- C:\Windows\system32\credssp.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-07 20:52:53 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-07-07 20:52:53 ----A---- C:\Windows\system32\apisetschema.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-07 20:52:52 ----A---- C:\Windows\SYSWOW64\user.exe
2015-07-07 20:52:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-07 20:52:52 ----A---- C:\Windows\system32\msobjs.dll
2015-07-07 20:52:05 ----A---- C:\Windows\system32\drivers\cng.sys
2015-07-07 20:50:19 ----A---- C:\Windows\system32\profsvc.dll
2015-07-07 20:50:15 ----A---- C:\Windows\system32\win32k.sys
2015-07-07 20:50:04 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-07-07 20:50:04 ----A---- C:\Windows\system32\poqexec.exe
2015-07-07 20:49:59 ----A---- C:\Windows\system32\generaltel.dll
2015-07-07 20:49:59 ----A---- C:\Windows\system32\devinv.dll
2015-07-07 20:49:59 ----A---- C:\Windows\system32\aitstatic.exe
2015-07-07 20:49:59 ----A---- C:\Windows\system32\acmigration.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\invagent.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\appraiser.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\aepic.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\aeinv.dll
2015-07-07 20:49:57 ----A---- C:\Windows\system32\aepdu.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-07 20:49:54 ----A---- C:\Windows\system32\wuapp.exe
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wups2.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wups.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wudriver.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wucltux.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuapi.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-07 20:49:30 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-07-07 20:49:30 ----A---- C:\Windows\system32\certcli.dll
2015-07-07 20:49:18 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-07-07 20:49:18 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-07-07 20:49:18 ----A---- C:\Windows\system32\msxml3r.dll
2015-07-07 20:49:18 ----A---- C:\Windows\system32\msxml3.dll
2015-07-07 20:49:14 ----A---- C:\Windows\system32\nlasvc.dll
2015-07-07 20:49:13 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-07-07 20:49:13 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-07-07 20:49:07 ----A---- C:\Windows\system32\wmp.dll
2015-07-07 20:49:03 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-07-07 20:49:01 ----A---- C:\Windows\system32\spwmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\system32\dxmasf.dll
2015-07-07 20:49:00 ----A---- C:\Windows\system32\wmploc.DLL
2015-07-07 20:48:56 ----A---- C:\Windows\system32\FntCache.dll
2015-07-07 20:48:56 ----A---- C:\Windows\system32\DWrite.dll
2015-07-07 20:48:55 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-07-07 20:48:53 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2015-07-07 20:48:53 ----A---- C:\Windows\system32\comctl32.dll
2015-07-07 20:48:47 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-07-07 20:48:47 ----A---- C:\Windows\system32\jnwmon.dll
2015-07-07 20:48:47 ----A---- C:\Windows\system32\InkEd.dll
2015-07-07 20:48:44 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-07-07 20:48:44 ----A---- C:\Windows\system32\msctf.dll
2015-07-07 20:48:41 ----A---- C:\Windows\system32\shell32.dll
2015-07-07 20:48:39 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-07-07 20:48:36 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-07-07 20:48:36 ----A---- C:\Windows\system32\ubpm.dll
2015-07-07 20:48:32 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-07 20:48:32 ----A---- C:\Windows\system32\drivers\http.sys
2015-07-07 20:48:32 ----A---- C:\Windows\system32\atmfd.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\lpk.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\fontsub.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\dciman32.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\atmlib.dll
2015-07-07 20:48:27 ----A---- C:\Windows\system32\mstscax.dll
2015-07-07 20:48:26 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2015-07-07 20:48:25 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2015-07-07 20:48:17 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-07-07 20:48:15 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-07-07 20:48:15 ----A---- C:\Windows\system32\wpdshext.dll
2015-07-07 20:48:13 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-07-07 20:47:56 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-07-07 20:47:56 ----A---- C:\Windows\system32\oleaut32.dll
2015-07-07 20:47:55 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-07 20:47:55 ----A---- C:\Windows\system32\gdi32.dll
2015-07-07 20:47:54 ----A---- C:\Windows\system32\services.exe
2015-07-07 20:47:54 ----A---- C:\Windows\system32\drivers\stream.sys
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\shimeng.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\sdbinst.exe
2015-07-07 20:37:46 ----A---- C:\Windows\system32\apphelp.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\aelupsvc.dll
2015-07-07 20:36:11 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-07-07 20:36:11 ----A---- C:\Windows\system32\clfsw32.dll
2015-07-07 20:36:11 ----A---- C:\Windows\system32\clfs.sys
2015-07-07 20:35:52 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-07-07 20:35:52 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-07-07 20:35:49 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-07-07 20:35:49 ----A---- C:\Windows\system32\scesrv.dll
2015-07-07 20:35:01 ----A---- C:\Windows\system32\javaws.exe
2015-07-07 20:34:47 ----A---- C:\Windows\system32\javaw.exe
2015-07-07 20:34:46 ----A---- C:\Windows\system32\java.exe
2015-07-07 20:32:28 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-07 20:28:29 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-07-07 20:28:29 ----A---- C:\Windows\system32\WMPhoto.dll
2015-07-02 18:03:42 ----N---- C:\Windows\difxapi.dll
2015-07-02 18:03:42 ----D---- C:\Program Files (x86)\VIA
2015-07-02 17:55:09 ----A---- C:\Windows\system32\drivers\ViaUsbAudio.sys

======List of files/folders modified in the last 1 month======

2015-07-25 21:19:03 ----D---- C:\Windows\Temp
2015-07-25 21:18:43 ----D---- C:\Windows\Prefetch
2015-07-25 20:16:00 ----D---- C:\Windows\System32
2015-07-25 20:16:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-07-25 20:15:59 ----D---- C:\Windows\inf
2015-07-25 20:12:35 ----D---- C:\tmp
2015-07-25 20:12:33 ----D---- C:\ProgramData\VMware
2015-07-25 20:12:02 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-07-25 20:09:30 ----HD---- C:\ProgramData
2015-07-25 20:06:38 ----A---- C:\Users\Petr\AppData\Roaming\Mouse Monitor_Counters.ini
2015-07-25 13:11:37 ----D---- C:\Program Files
2015-07-25 09:23:05 ----D---- C:\Windows\system32\wdi
2015-07-23 11:29:40 ----D---- C:\Users\Petr\AppData\Roaming\XBMC
2015-07-23 10:17:22 ----SHD---- C:\System Volume Information
2015-07-20 11:37:58 ----D---- C:\Windows\system32\config
2015-07-19 18:10:10 ----D---- C:\Windows\pss
2015-07-18 20:54:19 ----D---- C:\Windows\system32\NDF
2015-07-18 08:58:52 ----SHD---- C:\Windows\Installer
2015-07-17 20:17:38 ----D---- C:\Program Files (x86)\DOSBox-0.74
2015-07-17 17:13:15 ----D---- C:\Windows\system32\Tasks
2015-07-17 17:13:08 ----D---- C:\Windows\SysWOW64
2015-07-17 17:13:08 ----D---- C:\Windows\system32\drivers
2015-07-17 17:13:07 ----RD---- C:\Program Files (x86)
2015-07-17 15:07:13 ----D---- C:\Users\Petr\AppData\Roaming\DAEMON Tools Lite
2015-07-17 13:33:59 ----D---- C:\Users\Petr\AppData\Roaming\VMware
2015-07-17 13:12:27 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2015-07-16 22:23:47 ----D---- C:\Windows\Tasks
2015-07-16 22:23:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-16 07:51:03 ----D---- C:\Users\Petr\AppData\Roaming\foobar2000
2015-07-15 10:33:14 ----D---- C:\Program Files\WhoCrashed
2015-07-15 10:26:55 ----D---- C:\Windows\Minidump
2015-07-15 10:26:28 ----AD---- C:\Windows
2015-07-14 22:48:55 ----D---- C:\Program Files (x86)\Opera
2015-07-14 21:21:19 ----D---- C:\Windows\rescache
2015-07-14 08:43:21 ----HD---- C:\_acestream_cache_
2015-07-11 19:11:06 ----D---- C:\Users\Petr\AppData\Roaming\Dropbox
2015-07-10 18:10:15 ----D---- C:\Windows\Microsoft.NET
2015-07-10 17:08:29 ----RSD---- C:\Windows\assembly
2015-07-10 13:35:31 ----D---- C:\ProgramData\Compuplast
2015-07-09 15:59:35 ----D---- C:\Users\Petr\AppData\Roaming\MB-Ruler
2015-07-09 11:07:09 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-09 11:05:57 ----D---- C:\Windows\LiveKernelReports
2015-07-08 12:36:00 ----D---- C:\Users\Petr\AppData\Roaming\vlc
2015-07-08 12:16:59 ----D---- C:\Windows\AppCompat
2015-07-07 22:56:52 ----D---- C:\Windows\winsxs
2015-07-07 22:56:17 ----D---- C:\Windows\Logs
2015-07-07 22:55:30 ----D---- C:\Windows\system32\catroot2
2015-07-07 22:45:25 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-07 22:45:25 ----D---- C:\Windows\system32\cs-CZ
2015-07-07 22:45:21 ----D---- C:\Program Files\Windows Media Player
2015-07-07 22:45:21 ----D---- C:\Program Files (x86)\Windows Media Player
2015-07-07 22:45:19 ----SD---- C:\Windows\system32\CompatTel
2015-07-07 22:45:17 ----D---- C:\Windows\system32\wbem
2015-07-07 22:45:17 ----D---- C:\Windows\system32\appraiser
2015-07-07 22:45:17 ----D---- C:\Windows\AppPatch
2015-07-07 22:44:51 ----D---- C:\Windows\SYSWOW64\Dism
2015-07-07 22:44:47 ----D---- C:\Windows\system32\Dism
2015-07-07 22:44:46 ----D---- C:\Windows\system32\en-US
2015-07-07 22:44:39 ----D---- C:\Windows\system32\CodeIntegrity
2015-07-07 22:44:39 ----D---- C:\Windows\system32\Boot
2015-07-07 22:44:38 ----D---- C:\Program Files\Windows Journal
2015-07-07 22:44:34 ----D---- C:\Windows\system32\AdvancedInstallers
2015-07-07 22:44:05 ----D---- C:\Program Files\Internet Explorer
2015-07-07 22:44:02 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-07 22:44:00 ----D---- C:\Windows\PolicyDefinitions
2015-07-07 22:43:54 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-07 22:43:29 ----D---- C:\Windows\system32\DriverStore
2015-07-07 22:43:28 ----D---- C:\Windows\system32\drivers\UMDF
2015-07-07 21:36:56 ----D---- C:\Windows\system32\catroot
2015-07-07 21:31:27 ----D---- C:\Program Files\SharePoint Client Components
2015-07-07 21:28:53 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-07-07 21:18:18 ----D---- C:\Windows\system32\MRT
2015-07-07 21:08:29 ----D---- C:\Windows\debug
2015-07-07 20:29:32 ----D---- C:\Users\Petr\AppData\Roaming\inkscape
2015-07-07 20:29:32 ----D---- C:\Program Files (x86)\Steam
2015-07-07 20:26:20 ----D---- C:\Windows\Panther
2015-07-07 10:42:17 ----D---- C:\MosaicApp
2015-07-07 10:42:07 ----D---- C:\MosaicLib
2015-07-07 10:41:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-07-07 10:39:36 ----A---- C:\Windows\wininit.ini
2015-07-07 10:38:37 ----D---- C:\Windows\SYSWOW64\drivers
2015-07-07 10:37:56 ----D---- C:\Windows\system32\appmgmt
2015-07-07 10:36:46 ----D---- C:\Program Files (x86)\Exact Audio Copy
2015-07-04 15:57:02 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 32896]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-06-13 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-06-13 272248]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-09-07 31040]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-10-16 20024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 21184]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-05-04 386680]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-06-13 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-06-13 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-06-28 442264]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-17 283064]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2013-08-01 91784]
R2 aksfridge;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2013-08-01 140736]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-06-13 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-06-13 89944]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-06-13 137288]
R2 Dokan;Dokan; \??\C:\Windows\system32\drivers\dokan.sys [2014-11-25 57552]
R2 Ext2Fsd;Ext2 File System; \??\C:\Windows\system32\Drivers\Ext2Fsd.sys [2015-06-09 787576]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2013-08-01 331328]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2013-08-26 53816]
R2 iocbios2;iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2014-06-17 28912]
R2 ParagonLDM;ParagonLDM; \??\C:\Windows\system32\drivers\biont_bs.sys [2014-04-11 19208]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-06-13 273824]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-09-07 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-29 10859008]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-03-29 328704]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-06-20 331264]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-03-26 14748416]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-10-16 358456]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-10-16 791608]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2013-11-05 176880]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-07-25 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-06-16 125952]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176]
R3 rtbth;RTBTH Bluetooth Device Driver; C:\Windows\system32\DRIVERS\rtbth.sys [2012-10-02 692832]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-12 708200]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-11-12 543744]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-11-05 495856]
S2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2013-08-01 60488]
S3 akshhl;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2013-08-01 63944]
S3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2013-08-01 303624]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-10-02 48608]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-07-27 16088]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-04-16 27760]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-07-27 30424]
S3 GPU-Z;GPU-Z; \??\C:\Users\Petr\AppData\Local\Temp\GPU-Z.sys []
S3 hwdatacard;ZD DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ZDDriver.sys [2010-01-20 122496]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-26 14748416]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0; C:\Windows\system32\DRIVERS\libusb0.sys [2011-05-28 44480]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-01-10 32496]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-11-28 1866080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 UsbAudio10;Audio-gd USB Device Driver(AVSTREAM); C:\Windows\system32\drivers\ViaUsbAudio.sys [2015-01-21 110896]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S4 RsFx0201;RsFx0201 Driver; C:\Windows\system32\DRIVERS\RsFx0201.sys [2012-10-20 336880]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-03-29 235520]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-06-13 343336]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-26 1612552]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DokanMounter;DokanMounter; C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [2014-11-25 21200]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
R2 hasplms;Sentinel LDK License Manager; C:\Windows\system32\hasplms.exe [2013-08-01 4609928]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2015-05-19 99128]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-09-12 523680]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2012-09-07 33600]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2010-10-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2011-06-14 46192]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2011-06-14 56952]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2014-07-23 192160]
R2 NIApplicationWebServer;NI Application Web Server; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2011-06-14 362104]
R2 nimDNSResponder;National Instruments mDNS Responder Service; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
R2 niSvcLoc;NI System Web Server; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2011-05-27 50328]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-10-20 130024]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-11-12 327680]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-06-13 4034896]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-19 146184]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-09-06 1001376]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-02-01 160256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-26 276248]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2013-08-22 142336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-07-07 148136]
S3 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2010-08-02 1427688]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit); C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-07-23 613024]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2012-02-11 269912]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119675
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Neodstranitelný malware

#6 Příspěvek od Rudy »

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]/64

:commands
[Purity]
[Emptytemp]
[Emptyflash]
a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Lemmy11
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 25 črc 2015 12:54

Re: Neodstranitelný malware

#7 Příspěvek od Lemmy11 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-07-25 23:15:03
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 395 GB (55%) free of 715 GB
Total RAM: 8073 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:15:15, on 25.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EPSON680352 (Epson Stylus SX525WD)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_SBA32.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX525WD Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S2A81.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AccelerometerSysTrayApplet] "C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe"
O4 - HKCU\..\Run: [EPSON SX525WD Series (kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE /FU "C:\Windows\TEMP\E_S72B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [f.lux] "C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'MSSQL$SQLEXPRESS')
O4 - HKUS\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'MSSQL$SQLEXPRESS')
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3095CDBF-813B-498F-9934-1FD9DBD3F01A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E6A6E78-D9FD-4E4A-AB36-41ECD558E531}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility Service (XTU3SERVICE) - Intel(R) Corporation - C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe

--
End of file - 14774 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"

C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE"
C:\Windows\system32\hasplms.exe -run
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\lkads.exe
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe"
C:\Windows\SysWOW64\vmnetdhcp.exe
"C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user
"C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\System32\alg.exe
C:\Windows\system32\sppsvc.exe
ngservice.exe pipeserver
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0cbc44e0-72cb-4049-a64b-ede1c5034710 -SystemEventPortName:HostProcess-051fdfda-2a51-493b-b342-933b3503cb0a -IoCancelEventPortName:HostProcess-d305c034-6145-462c-b6c0-d8a5ca1da960 -NonStateChangingEventPortName:HostProcess-313a369b-68e5-4cc2-982c-738153e629b1 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:982e914f-8f3f-467b-abe0-86a26db445d0 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\07252015_230241.log
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe"
"C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
taskeng.exe {F8309AB2-1DC2-47F4-90ED-ABCD813AE924}
taskeng.exe {CEA7B232-7705-4039-B909-E387166EB9D3}
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart
wmiadap.exe /F /T /R
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Petr\Desktop\RSITx64.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe"

======Scheduled tasks folder======

C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000Core.job - C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000UA.job - C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\HPCeeScheduleForPetr.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForPetr (null)

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.domovska-stranka.cz/megasmrt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4055459\npmathplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.80.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.80.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
nplv2010win32.dll
nplv2011win32.dll
nppdf32.dll

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\extensions\
donottrackplus@abine.com
r2d2b2g@mozilla.org
{56B7AD5C-9854-11E0-908B-34214824019B}

C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\searchplugins\
vyhledvn-vide-ve-slub-youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-07-07 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-13 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-07-07 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26 74888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-13 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-05 3056880]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-26 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-26 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-26 439064]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-11-12 1664000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2015-06-20 22012688]
"EPSON680352 (Epson Stylus SX525WD)"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"EPSON SX525WD Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"AccelerometerSysTrayApplet"=C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [2013-06-11 75584]
"EPSON SX525WD Series (kopie 1)"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAE.EXE [2010-01-12 224768]
"f.lux"=C:\Users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe [2013-10-24 1017224]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 134512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ext2 Volume Manager]
C:\Program Files\Ext2Fsd\Ext2Mgr.exe [2014-08-26 1217176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCPluginUpdater]
c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [2015-07-15 21304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Update Service]
C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2011-11-02 3004512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WindowsIoTCoreWatcher.lnk]
C:\PROGRA~2\MI28D0~1\WINDOW~1.EXE [2015-06-19 399336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Petr\AppData\Roaming\Dropbox\bin\Dropbox.exe [2015-06-26 43871968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Petr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk]
C:\PROGRA~1\Serviio\bin\SERVII~3.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-06-17 288312]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-10-24 290688]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-09-12 334240]
""= []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-06-13 5515496]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-29 636032]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\System32\igfxdev.dll [2012-03-26 434688]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 month======

2015-07-25 23:02:41 ----D---- C:\_OTM
2015-07-25 20:06:53 ----D---- C:\AdwCleaner
2015-07-25 13:11:37 ----D---- C:\Program Files\trend micro
2015-07-25 13:11:35 ----D---- C:\rsit
2015-07-18 08:58:11 ----SHD---- C:\Config.Msi
2015-07-17 17:13:07 ----D---- C:\Program Files (x86)\Paragon Software
2015-07-17 17:07:44 ----A---- C:\Windows\system32\drivers\ext2fsd.sys
2015-07-17 17:07:43 ----D---- C:\Program Files\Ext2Fsd
2015-07-17 15:09:40 ----D---- C:\Program Files (x86)\Microsoft IoT
2015-07-17 15:08:20 ----D---- C:\Program Files (x86)\DiskInternals
2015-07-13 14:34:46 ----A---- C:\test7.txt
2015-07-10 09:38:13 ----A---- C:\test6.txt
2015-07-09 09:42:44 ----A---- C:\test5.txt
2015-07-09 09:39:32 ----A---- C:\test4.txt
2015-07-09 09:32:29 ----A---- C:\test3.txt
2015-07-08 21:49:33 ----A---- C:\test2.txt
2015-07-08 21:17:37 ----A---- C:\test.txt
2015-07-08 19:40:49 ----D---- C:\Program Files (x86)\FreeCommander XE
2015-07-07 22:44:15 ----SD---- C:\Windows\SYSWOW64\GWX
2015-07-07 22:44:13 ----SD---- C:\Windows\system32\GWX
2015-07-07 22:08:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-07-07 21:03:13 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 21:03:13 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 21:00:42 ----D---- C:\Program Files\Microsoft Silverlight
2015-07-07 21:00:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-07-07 20:55:09 ----A---- C:\Windows\SYSWOW64\blackbox.dll
2015-07-07 20:55:09 ----A---- C:\Windows\system32\blackbox.dll
2015-07-07 20:55:08 ----A---- C:\Windows\system32\drmv2clt.dll
2015-07-07 20:55:07 ----A---- C:\Windows\SYSWOW64\drmv2clt.dll
2015-07-07 20:55:01 ----A---- C:\Windows\system32\wmdrmsdk.dll
2015-07-07 20:55:00 ----A---- C:\Windows\SYSWOW64\wmdrmsdk.dll
2015-07-07 20:55:00 ----A---- C:\Windows\SYSWOW64\mf.dll
2015-07-07 20:54:57 ----A---- C:\Windows\system32\drmmgrtn.dll
2015-07-07 20:54:56 ----A---- C:\Windows\SYSWOW64\drmmgrtn.dll
2015-07-07 20:54:56 ----A---- C:\Windows\system32\crypt32.dll
2015-07-07 20:54:55 ----A---- C:\Windows\system32\drivers\PEAuth.sys
2015-07-07 20:54:55 ----A---- C:\Windows\system32\ci.dll
2015-07-07 20:54:54 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-07-07 20:54:54 ----A---- C:\Windows\system32\winload.exe
2015-07-07 20:54:54 ----A---- C:\Windows\system32\quartz.dll
2015-07-07 20:54:54 ----A---- C:\Windows\system32\cryptsvc.dll
2015-07-07 20:54:53 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-07-07 20:54:53 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-07-07 20:54:53 ----A---- C:\Windows\system32\wintrust.dll
2015-07-07 20:54:53 ----A---- C:\Windows\system32\winresume.exe
2015-07-07 20:54:53 ----A---- C:\Windows\system32\evr.dll
2015-07-07 20:54:52 ----A---- C:\Windows\SYSWOW64\evr.dll
2015-07-07 20:54:52 ----A---- C:\Windows\system32\cryptui.dll
2015-07-07 20:54:49 ----A---- C:\Windows\system32\mfplat.dll
2015-07-07 20:54:48 ----A---- C:\Windows\SYSWOW64\quartz.dll
2015-07-07 20:54:47 ----A---- C:\Windows\SYSWOW64\mfplat.dll
2015-07-07 20:54:47 ----A---- C:\Windows\SYSWOW64\cryptui.dll
2015-07-07 20:54:47 ----A---- C:\Windows\system32\pcasvc.dll
2015-07-07 20:54:47 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-07-07 20:54:46 ----A---- C:\Windows\SYSWOW64\cryptsp.dll
2015-07-07 20:54:46 ----A---- C:\Windows\system32\cryptsp.dll
2015-07-07 20:54:45 ----A---- C:\Windows\system32\mf.dll
2015-07-07 20:54:44 ----A---- C:\Windows\system32\msscp.dll
2015-07-07 20:54:42 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2015-07-07 20:54:42 ----A---- C:\Windows\system32\msnetobj.dll
2015-07-07 20:54:42 ----A---- C:\Windows\system32\appidapi.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\msscp.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\msnetobj.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2015-07-07 20:54:41 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\rrinstaller.exe
2015-07-07 20:54:41 ----A---- C:\Windows\system32\qdvd.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\pcadm.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\drivers\appid.sys
2015-07-07 20:54:41 ----A---- C:\Windows\system32\cryptnet.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\audiosrv.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AudioSes.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AUDIOKSE.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\AudioEng.dll
2015-07-07 20:54:41 ----A---- C:\Windows\system32\audiodg.exe
2015-07-07 20:54:41 ----A---- C:\Windows\system32\appidsvc.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\mfps.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2015-07-07 20:54:40 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcawrk.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcalua.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\pcaevts.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\msmmsp.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\mfps.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\mfpmp.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\EncDump.dll
2015-07-07 20:54:40 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-07-07 20:54:40 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-07-07 20:54:39 ----A---- C:\Windows\SYSWOW64\mferror.dll
2015-07-07 20:54:39 ----A---- C:\Windows\system32\mferror.dll
2015-07-07 20:53:48 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-07-07 20:53:48 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-07-07 20:53:48 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-07-07 20:53:48 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-07-07 20:53:47 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\iernonce.dll
2015-07-07 20:53:47 ----A---- C:\Windows\system32\ie4uinit.exe
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-07-07 20:53:46 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-07-07 20:53:46 ----A---- C:\Windows\system32\iedkcs32.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-07-07 20:53:45 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\urlmon.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-07 20:53:45 ----A---- C:\Windows\system32\msfeeds.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-07-07 20:53:45 ----A---- C:\Windows\system32\dxtrans.dll
2015-07-07 20:53:44 ----A---- C:\Windows\system32\iesetup.dll
2015-07-07 20:53:44 ----A---- C:\Windows\system32\ieapfltr.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-07-07 20:53:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\vbscript.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\jsproxy.dll
2015-07-07 20:53:43 ----A---- C:\Windows\system32\ieUnatt.exe
2015-07-07 20:53:43 ----A---- C:\Windows\system32\iertutil.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\mshtmled.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\ieui.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\ieframe.dll
2015-07-07 20:53:42 ----A---- C:\Windows\system32\dxtmsft.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\wininet.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript9diag.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript9.dll
2015-07-07 20:53:41 ----A---- C:\Windows\system32\jscript.dll
2015-07-07 20:53:40 ----A---- C:\Windows\system32\msrating.dll
2015-07-07 20:53:40 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-07-07 20:53:39 ----A---- C:\Windows\system32\mshtml.dll
2015-07-07 20:53:02 ----A---- C:\Windows\system32\UtcResources.dll
2015-07-07 20:53:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-07-07 20:53:01 ----A---- C:\Windows\system32\diagtrack.dll
2015-07-07 20:53:00 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-07-07 20:53:00 ----A---- C:\Windows\system32\ntdll.dll
2015-07-07 20:53:00 ----A---- C:\Windows\system32\lsasrv.dll
2015-07-07 20:52:59 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-07-07 20:52:59 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\schannel.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\kernel32.dll
2015-07-07 20:52:59 ----A---- C:\Windows\system32\kerberos.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-07-07 20:52:58 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\tdh.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\msv1_0.dll
2015-07-07 20:52:58 ----A---- C:\Windows\system32\KernelBase.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-07-07 20:52:57 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\wow64win.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\wow64.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\winsrv.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\TSpkg.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\ncrypt.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-07 20:52:57 ----A---- C:\Windows\system32\advapi32.dll
2015-07-07 20:52:57 ----A---- C:\Windows\system32\adtschema.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-07-07 20:52:56 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\wdigest.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\srcore.dll
2015-07-07 20:52:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-07-07 20:52:56 ----A---- C:\Windows\system32\conhost.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\typeperf.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\tracerpt.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\sechost.dll
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\relog.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\logman.exe
2015-07-07 20:52:55 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\typeperf.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\tracerpt.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\sspicli.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\srclient.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\smss.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\sechost.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\rstrui.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\relog.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\lsass.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\logman.exe
2015-07-07 20:52:55 ----A---- C:\Windows\system32\csrsrv.dll
2015-07-07 20:52:55 ----A---- C:\Windows\system32\auditpol.exe
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-07 20:52:54 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\diskperf.exe
2015-07-07 20:52:54 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\wow64cpu.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\sspisrv.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\secur32.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\ntvdm64.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\msaudite.dll
2015-07-07 20:52:54 ----A---- C:\Windows\system32\diskperf.exe
2015-07-07 20:52:54 ----A---- C:\Windows\system32\credssp.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-07 20:52:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-07 20:52:53 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-07-07 20:52:53 ----A---- C:\Windows\system32\apisetschema.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-07 20:52:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-07 20:52:52 ----A---- C:\Windows\SYSWOW64\user.exe
2015-07-07 20:52:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-07-07 20:52:52 ----A---- C:\Windows\system32\msobjs.dll
2015-07-07 20:52:05 ----A---- C:\Windows\system32\drivers\cng.sys
2015-07-07 20:50:19 ----A---- C:\Windows\system32\profsvc.dll
2015-07-07 20:50:15 ----A---- C:\Windows\system32\win32k.sys
2015-07-07 20:50:04 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-07-07 20:50:04 ----A---- C:\Windows\system32\poqexec.exe
2015-07-07 20:49:59 ----A---- C:\Windows\system32\generaltel.dll
2015-07-07 20:49:59 ----A---- C:\Windows\system32\devinv.dll
2015-07-07 20:49:59 ----A---- C:\Windows\system32\aitstatic.exe
2015-07-07 20:49:59 ----A---- C:\Windows\system32\acmigration.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\invagent.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\appraiser.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\aepic.dll
2015-07-07 20:49:58 ----A---- C:\Windows\system32\aeinv.dll
2015-07-07 20:49:57 ----A---- C:\Windows\system32\aepdu.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-07-07 20:49:54 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-07-07 20:49:54 ----A---- C:\Windows\system32\wuapp.exe
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuwebv.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wups2.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wups.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wudriver.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wucltux.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuaueng.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuauclt.exe
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wuapi.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-07 20:49:52 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-07-07 20:49:30 ----A---- C:\Windows\SYSWOW64\certcli.dll
2015-07-07 20:49:30 ----A---- C:\Windows\system32\certcli.dll
2015-07-07 20:49:18 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2015-07-07 20:49:18 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-07-07 20:49:18 ----A---- C:\Windows\system32\msxml3r.dll
2015-07-07 20:49:18 ----A---- C:\Windows\system32\msxml3.dll
2015-07-07 20:49:14 ----A---- C:\Windows\system32\nlasvc.dll
2015-07-07 20:49:13 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-07-07 20:49:13 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-07-07 20:49:07 ----A---- C:\Windows\system32\wmp.dll
2015-07-07 20:49:03 ----A---- C:\Windows\SYSWOW64\wmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\wmploc.DLL
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\spwmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\SYSWOW64\dxmasf.dll
2015-07-07 20:49:01 ----A---- C:\Windows\system32\spwmp.dll
2015-07-07 20:49:01 ----A---- C:\Windows\system32\dxmasf.dll
2015-07-07 20:49:00 ----A---- C:\Windows\system32\wmploc.DLL
2015-07-07 20:48:56 ----A---- C:\Windows\system32\FntCache.dll
2015-07-07 20:48:56 ----A---- C:\Windows\system32\DWrite.dll
2015-07-07 20:48:55 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-07-07 20:48:53 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2015-07-07 20:48:53 ----A---- C:\Windows\system32\comctl32.dll
2015-07-07 20:48:47 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-07-07 20:48:47 ----A---- C:\Windows\system32\jnwmon.dll
2015-07-07 20:48:47 ----A---- C:\Windows\system32\InkEd.dll
2015-07-07 20:48:44 ----A---- C:\Windows\SYSWOW64\msctf.dll
2015-07-07 20:48:44 ----A---- C:\Windows\system32\msctf.dll
2015-07-07 20:48:41 ----A---- C:\Windows\system32\shell32.dll
2015-07-07 20:48:39 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-07-07 20:48:36 ----A---- C:\Windows\SYSWOW64\ubpm.dll
2015-07-07 20:48:36 ----A---- C:\Windows\system32\ubpm.dll
2015-07-07 20:48:32 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-07-07 20:48:32 ----A---- C:\Windows\system32\drivers\http.sys
2015-07-07 20:48:32 ----A---- C:\Windows\system32\atmfd.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\lpk.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2015-07-07 20:48:31 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\lpk.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\fontsub.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\dciman32.dll
2015-07-07 20:48:31 ----A---- C:\Windows\system32\atmlib.dll
2015-07-07 20:48:27 ----A---- C:\Windows\system32\mstscax.dll
2015-07-07 20:48:26 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2015-07-07 20:48:25 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2015-07-07 20:48:17 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-07-07 20:48:15 ----A---- C:\Windows\SYSWOW64\wpdshext.dll
2015-07-07 20:48:15 ----A---- C:\Windows\system32\wpdshext.dll
2015-07-07 20:48:13 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-07-07 20:47:56 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-07-07 20:47:56 ----A---- C:\Windows\system32\oleaut32.dll
2015-07-07 20:47:55 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-07-07 20:47:55 ----A---- C:\Windows\system32\gdi32.dll
2015-07-07 20:47:54 ----A---- C:\Windows\system32\services.exe
2015-07-07 20:47:54 ----A---- C:\Windows\system32\drivers\stream.sys
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-07-07 20:37:46 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\shimeng.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\sdbinst.exe
2015-07-07 20:37:46 ----A---- C:\Windows\system32\apphelp.dll
2015-07-07 20:37:46 ----A---- C:\Windows\system32\aelupsvc.dll
2015-07-07 20:36:11 ----A---- C:\Windows\SYSWOW64\clfsw32.dll
2015-07-07 20:36:11 ----A---- C:\Windows\system32\clfsw32.dll
2015-07-07 20:36:11 ----A---- C:\Windows\system32\clfs.sys
2015-07-07 20:35:52 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-07-07 20:35:52 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-07-07 20:35:49 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-07-07 20:35:49 ----A---- C:\Windows\system32\scesrv.dll
2015-07-07 20:35:01 ----A---- C:\Windows\system32\javaws.exe
2015-07-07 20:34:47 ----A---- C:\Windows\system32\javaw.exe
2015-07-07 20:34:46 ----A---- C:\Windows\system32\java.exe
2015-07-07 20:32:28 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-07 20:28:29 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll
2015-07-07 20:28:29 ----A---- C:\Windows\system32\WMPhoto.dll
2015-07-02 18:03:42 ----N---- C:\Windows\difxapi.dll
2015-07-02 18:03:42 ----D---- C:\Program Files (x86)\VIA
2015-07-02 17:55:09 ----A---- C:\Windows\system32\drivers\ViaUsbAudio.sys

======List of files/folders modified in the last 1 month======

2015-07-25 23:15:15 ----D---- C:\Windows\Prefetch
2015-07-25 23:11:24 ----D---- C:\Windows\Temp
2015-07-25 23:11:07 ----D---- C:\tmp
2015-07-25 23:11:04 ----D---- C:\ProgramData\VMware
2015-07-25 23:10:03 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-07-25 23:02:42 ----D---- C:\Windows\Tasks
2015-07-25 20:16:00 ----D---- C:\Windows\System32
2015-07-25 20:16:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-07-25 20:15:59 ----D---- C:\Windows\inf
2015-07-25 20:09:30 ----HD---- C:\ProgramData
2015-07-25 20:06:38 ----A---- C:\Users\Petr\AppData\Roaming\Mouse Monitor_Counters.ini
2015-07-25 13:11:37 ----D---- C:\Program Files
2015-07-25 09:23:05 ----D---- C:\Windows\system32\wdi
2015-07-23 11:29:40 ----D---- C:\Users\Petr\AppData\Roaming\XBMC
2015-07-23 10:17:22 ----SHD---- C:\System Volume Information
2015-07-20 11:37:58 ----D---- C:\Windows\system32\config
2015-07-19 18:10:10 ----D---- C:\Windows\pss
2015-07-18 20:54:19 ----D---- C:\Windows\system32\NDF
2015-07-18 08:58:52 ----SHD---- C:\Windows\Installer
2015-07-17 20:17:38 ----D---- C:\Program Files (x86)\DOSBox-0.74
2015-07-17 17:13:15 ----D---- C:\Windows\system32\Tasks
2015-07-17 17:13:08 ----D---- C:\Windows\SysWOW64
2015-07-17 17:13:08 ----D---- C:\Windows\system32\drivers
2015-07-17 17:13:07 ----RD---- C:\Program Files (x86)
2015-07-17 15:07:13 ----D---- C:\Users\Petr\AppData\Roaming\DAEMON Tools Lite
2015-07-17 13:33:59 ----D---- C:\Users\Petr\AppData\Roaming\VMware
2015-07-17 13:12:27 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2015-07-16 22:23:34 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-07-16 07:51:03 ----D---- C:\Users\Petr\AppData\Roaming\foobar2000
2015-07-15 10:33:14 ----D---- C:\Program Files\WhoCrashed
2015-07-15 10:26:55 ----D---- C:\Windows\Minidump
2015-07-15 10:26:28 ----AD---- C:\Windows
2015-07-14 22:48:55 ----D---- C:\Program Files (x86)\Opera
2015-07-14 21:21:19 ----D---- C:\Windows\rescache
2015-07-14 08:43:21 ----HD---- C:\_acestream_cache_
2015-07-11 19:11:06 ----D---- C:\Users\Petr\AppData\Roaming\Dropbox
2015-07-10 18:10:15 ----D---- C:\Windows\Microsoft.NET
2015-07-10 17:08:29 ----RSD---- C:\Windows\assembly
2015-07-10 13:35:31 ----D---- C:\ProgramData\Compuplast
2015-07-09 15:59:35 ----D---- C:\Users\Petr\AppData\Roaming\MB-Ruler
2015-07-09 11:07:09 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-09 11:05:57 ----D---- C:\Windows\LiveKernelReports
2015-07-08 12:36:00 ----D---- C:\Users\Petr\AppData\Roaming\vlc
2015-07-08 12:16:59 ----D---- C:\Windows\AppCompat
2015-07-07 22:56:52 ----D---- C:\Windows\winsxs
2015-07-07 22:56:17 ----D---- C:\Windows\Logs
2015-07-07 22:55:30 ----D---- C:\Windows\system32\catroot2
2015-07-07 22:45:25 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-07-07 22:45:25 ----D---- C:\Windows\system32\cs-CZ
2015-07-07 22:45:21 ----D---- C:\Program Files\Windows Media Player
2015-07-07 22:45:21 ----D---- C:\Program Files (x86)\Windows Media Player
2015-07-07 22:45:19 ----SD---- C:\Windows\system32\CompatTel
2015-07-07 22:45:17 ----D---- C:\Windows\system32\wbem
2015-07-07 22:45:17 ----D---- C:\Windows\system32\appraiser
2015-07-07 22:45:17 ----D---- C:\Windows\AppPatch
2015-07-07 22:44:51 ----D---- C:\Windows\SYSWOW64\Dism
2015-07-07 22:44:47 ----D---- C:\Windows\system32\Dism
2015-07-07 22:44:46 ----D---- C:\Windows\system32\en-US
2015-07-07 22:44:39 ----D---- C:\Windows\system32\CodeIntegrity
2015-07-07 22:44:39 ----D---- C:\Windows\system32\Boot
2015-07-07 22:44:38 ----D---- C:\Program Files\Windows Journal
2015-07-07 22:44:34 ----D---- C:\Windows\system32\AdvancedInstallers
2015-07-07 22:44:05 ----D---- C:\Program Files\Internet Explorer
2015-07-07 22:44:02 ----D---- C:\Windows\SYSWOW64\en-US
2015-07-07 22:44:00 ----D---- C:\Windows\PolicyDefinitions
2015-07-07 22:43:54 ----D---- C:\Program Files (x86)\Internet Explorer
2015-07-07 22:43:29 ----D---- C:\Windows\system32\DriverStore
2015-07-07 22:43:28 ----D---- C:\Windows\system32\drivers\UMDF
2015-07-07 21:36:56 ----D---- C:\Windows\system32\catroot
2015-07-07 21:31:27 ----D---- C:\Program Files\SharePoint Client Components
2015-07-07 21:28:53 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-07-07 21:18:18 ----D---- C:\Windows\system32\MRT
2015-07-07 21:08:29 ----D---- C:\Windows\debug
2015-07-07 20:29:32 ----D---- C:\Users\Petr\AppData\Roaming\inkscape
2015-07-07 20:29:32 ----D---- C:\Program Files (x86)\Steam
2015-07-07 20:26:20 ----D---- C:\Windows\Panther
2015-07-07 10:42:17 ----D---- C:\MosaicApp
2015-07-07 10:42:07 ----D---- C:\MosaicLib
2015-07-07 10:41:27 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-07-07 10:39:36 ----A---- C:\Windows\wininit.ini
2015-07-07 10:38:37 ----D---- C:\Windows\SYSWOW64\drivers
2015-07-07 10:37:56 ----D---- C:\Windows\system32\appmgmt
2015-07-07 10:36:46 ----D---- C:\Program Files (x86)\Exact Audio Copy
2015-07-04 15:57:02 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 32896]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-06-13 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-06-13 272248]
R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-09-07 31040]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-10-16 20024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2014-06-04 21184]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-05-04 386680]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-06-13 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-06-13 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-06-28 442264]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-17 283064]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2013-08-01 91784]
R2 aksfridge;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2013-08-01 140736]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-06-13 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-06-13 89944]
R2 Dokan;Dokan; \??\C:\Windows\system32\drivers\dokan.sys [2014-11-25 57552]
R2 Ext2Fsd;Ext2 File System; \??\C:\Windows\system32\Drivers\Ext2Fsd.sys [2015-06-09 787576]
R2 hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2013-08-01 331328]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2013-08-26 53816]
R2 iocbios2;iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2014-06-17 28912]
R2 ParagonLDM;ParagonLDM; \??\C:\Windows\system32\drivers\biont_bs.sys [2014-04-11 19208]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-06-13 273824]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-09-07 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-29 10859008]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-03-29 328704]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-06-20 331264]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-03-26 14748416]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-10-16 358456]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-10-16 791608]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2013-11-05 176880]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-07-25 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 63704]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-06-16 125952]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176]
R3 rtbth;RTBTH Bluetooth Device Driver; C:\Windows\system32\DRIVERS\rtbth.sys [2012-10-02 692832]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-12 708200]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-11-12 543744]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-11-05 495856]
R3 UsbAudio10;Audio-gd USB Device Driver(AVSTREAM); C:\Windows\system32\drivers\ViaUsbAudio.sys [2015-01-21 110896]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-06-13 137288]
S2 Sentinel64;Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2013-08-01 60488]
S3 akshhl;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2013-08-01 63944]
S3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2013-08-01 303624]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-10-02 48608]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SOMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2014-07-27 16088]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2014-04-16 27760]
S3 ggsomc;SOMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsomc.sys [2014-07-27 30424]
S3 GPU-Z;GPU-Z; \??\C:\Users\Petr\AppData\Local\Temp\GPU-Z.sys []
S3 hwdatacard;ZD DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ZDDriver.sys [2010-01-20 122496]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-26 14748416]
S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0; C:\Windows\system32\DRIVERS\libusb0.sys [2011-05-28 44480]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-01-10 32496]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-11-28 1866080]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S4 RsFx0201;RsFx0201 Driver; C:\Windows\system32\DRIVERS\RsFx0201.sys [2012-10-20 336880]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-03-29 235520]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-06-13 343336]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-26 1612552]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DokanMounter;DokanMounter; C:\Program Files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [2014-11-25 21200]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
R2 hasplms;Sentinel LDK License Manager; C:\Windows\system32\hasplms.exe [2013-08-01 4609928]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2015-05-19 99128]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-09-12 523680]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2012-09-07 33600]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 LkCitadelServer;Lookout Citadel Server; C:\Windows\SysWOW64\lkcitdl.exe [2010-10-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\Windows\SysWOW64\lkads.exe [2011-06-14 46192]
R2 lkTimeSync;National Instruments Time Synchronization; C:\Windows\SysWOW64\lktsrv.exe [2011-06-14 56952]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-06-18 1871160]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2014-07-23 192160]
R2 NIApplicationWebServer;NI Application Web Server; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 50336]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [2011-06-14 362104]
R2 nimDNSResponder;National Instruments mDNS Responder Service; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2011-06-01 194224]
R2 niSvcLoc;NI System Web Server; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [2011-05-27 50328]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-10-20 130024]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-11-12 327680]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-06-13 4034896]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-19 146184]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-09-06 1001376]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-02-01 160256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-26 276248]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2013-08-22 142336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-19 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-07-07 148136]
S3 NILM License Manager;NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2010-08-02 1427688]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit); C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2011-05-27 68256]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-07-23 613024]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2012-02-11 269912]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119675
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Neodstranitelný malware

#8 Příspěvek od Rudy »

Smazáno. Změnilo se něco?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Lemmy11
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 25 črc 2015 12:54

Re: Neodstranitelný malware

#9 Příspěvek od Lemmy11 »

Pořád stejný problém. Malwarebytes najde několik problematických souborů a při pokusu o jejich smazání spadne. Je možné, že je to falešná detekce, ale nikdy předtím je nehlásíl.


Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 26.7.2015
Čas skenování: 12:06
Protokol: log.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.26.03
Databáze rootkitů: v2015.07.22.01
Licence: Premium
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Petr

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 500659
Uplynulý čas: 1 hod, 11 min, 3 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Sken hloubkových rootkitů: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 20
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_955, , [23385e886c1e1c1aecc3e425f70cb947],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_2174, , [194226c018723204674930d9ab5848b8],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_4921, , [f467994db4d6c86ea60a67a222e19e62],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_7938, , [411ad70fdbafa88e9818c445bd467e82],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_8072, , [0d4e885edeac8aacd1dfe326768d1be5],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_9086, , [b2a9c42293f71422bdf327e218eb7789],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_15661, , [3724eff76a202e0878390afff2110cf4],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_11186, , [be9d4c9a44462e08c4ed7099c043c53b],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_11238, , [25368b5b68221f1781306a9f59aac937],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_16349, , [3328af37840666d0991840c96c97ca36],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_20181, , [6bf09f47ed9d2b0bbff2c7429271e719],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_20468, , [32299e48820837ffd2df39d081828b75],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_20770, , [3a21c81eb5d5db5b28897792ce358977],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_21437, , [d7846581f79365d16a47cb3eaf546a96],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_23685, , [84d7786e256514226b465faa9f6418e8],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_25841, , [b9a2cd1951394cea0fa286832cd76b95],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_26625, , [ce8d17cfe4a6092dd0e1ee1b5ca748b8],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_27677, , [5209b135c5c50135d8d9c346fc07f20e],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_29917, , [b0abb63044461a1ce7ca1aef26ddd32d],
PUP.Optional.Goobzo.A, C:\Users\Petr\AppData\Local\Installer\Install_31085, , [471412d44644979fc8e93fcab84bd927],

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119675
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Neodstranitelný malware

#10 Příspěvek od Rudy »

Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Lemmy11
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 25 črc 2015 12:54

Re: Neodstranitelný malware

#11 Příspěvek od Lemmy11 »

ComboFix 15-07-23.01 - Petr 26.07.2015 13:40:13.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8073.5497 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Petr\AppData\Local\Temp\_MEI57362\_ctypes.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\_elementtree.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\_hashlib.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\_multiprocessing.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\_psutil_windows.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\_socket.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\_ssl.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\_yappi.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\common.time34.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\hashobjs_ext.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\pyexpat.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\pysqlite2._sqlite.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\python27.dll
c:\users\Petr\AppData\Local\Temp\_MEI57362\pythoncom27.dll
c:\users\Petr\AppData\Local\Temp\_MEI57362\PyWinTypes27.dll
c:\users\Petr\AppData\Local\Temp\_MEI57362\select.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\unicodedata.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\usb_ext.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32api.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32com.shell.shell.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32crypt.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32event.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32file.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32gui.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32inet.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32pdh.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32pipe.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32process.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32profile.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32security.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\win32ts.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\windows._lib_cacheinvalidation.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wx._animate.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wx._controls_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wx._core_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wx._gdi_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wx._html2.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wx._misc_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wx._windows_.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wx._wizard.pyd
c:\users\Petr\AppData\Local\Temp\_MEI57362\wxbase294u_net_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI57362\wxbase294u_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI57362\wxmsw294u_adv_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI57362\wxmsw294u_core_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI57362\wxmsw294u_html_vc90.dll
c:\users\Petr\AppData\Local\Temp\_MEI57362\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-26 do 2015-07-26 )))))))))))))))))))))))))))))))
.
.
2015-07-25 21:22 . 2015-06-13 20:31 137288 ----a-w- c:\windows\system32\drivers\aswB947.tmp
2015-07-25 21:22 . 2015-06-13 20:31 272248 ----a-w- c:\windows\system32\drivers\aswB31E.tmp
2015-07-25 21:22 . 2015-06-28 15:04 442264 ----a-w- c:\windows\system32\drivers\aswAEBA.tmp
2015-07-25 21:21 . 2015-06-13 20:31 65736 ----a-w- c:\windows\system32\drivers\aswA99B.tmp
2015-07-25 21:21 . 2015-06-13 20:31 89944 ----a-w- c:\windows\system32\drivers\aswA4F8.tmp
2015-07-25 21:21 . 2015-06-13 20:31 29168 ----a-w- c:\windows\system32\drivers\aswA065.tmp
2015-07-25 21:21 . 2015-06-13 20:31 93528 ----a-w- c:\windows\system32\drivers\asw99EE.tmp
2015-07-25 21:21 . 2015-06-13 20:30 1047320 ----a-w- c:\windows\system32\drivers\asw7F4C.tmp
2015-07-25 21:21 . 2015-07-25 21:20 115152 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-07-25 21:21 . 2015-07-25 21:21 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-25 21:20 . 2015-07-25 21:20 43112 ----a-w- c:\windows\avastSS.scr
2015-07-25 21:02 . 2015-07-25 21:02 -------- d-----w- C:\_OTM
2015-07-25 18:06 . 2015-07-25 18:21 -------- d-----w- C:\AdwCleaner
2015-07-25 11:11 . 2015-07-25 21:15 -------- d-----w- c:\program files\trend micro
2015-07-25 11:11 . 2015-07-25 11:12 -------- d-----w- C:\rsit
2015-07-23 08:24 . 2015-07-23 08:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{468A8A41-5454-49DB-8EF4-AF5CCD65AD6D}\offreg.4440.dll
2015-07-23 08:17 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{468A8A41-5454-49DB-8EF4-AF5CCD65AD6D}\mpengine.dll
2015-07-17 15:13 . 2015-07-17 15:13 -------- d-----w- c:\program files (x86)\Paragon Software
2015-07-17 15:07 . 2015-06-09 21:03 787576 ----a-w- c:\windows\system32\drivers\ext2fsd.sys
2015-07-17 15:07 . 2015-07-17 15:07 -------- d-----w- c:\program files\Ext2Fsd
2015-07-17 13:09 . 2015-07-17 13:09 -------- d-----w- c:\program files (x86)\Microsoft IoT
2015-07-17 13:08 . 2015-07-17 13:08 -------- d-----w- c:\program files (x86)\DiskInternals
2015-07-09 10:34 . 2015-07-09 10:34 -------- d-----w- c:\users\Petr\AppData\Local\GWX
2015-07-08 17:40 . 2015-07-08 17:40 -------- d-----w- c:\program files (x86)\FreeCommander XE
2015-07-08 17:40 . 2015-07-08 17:40 -------- d-----w- c:\users\Petr\AppData\Local\FreeCommanderXE
2015-07-07 20:44 . 2015-07-07 20:44 -------- d-s---w- c:\windows\SysWow64\GWX
2015-07-07 20:44 . 2015-07-07 20:56 -------- d-s---w- c:\windows\system32\GWX
2015-07-07 19:03 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 19:03 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 19:00 . 2015-07-07 19:00 -------- d-----w- c:\program files\Microsoft Silverlight
2015-07-07 19:00 . 2015-07-07 19:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-07-07 18:55 . 2015-02-03 03:30 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-07-07 18:55 . 2015-02-03 03:12 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2015-07-07 18:55 . 2015-02-03 03:30 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-07-07 18:55 . 2015-02-03 03:12 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2015-07-07 18:55 . 2015-02-03 03:31 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-07-07 18:55 . 2015-02-03 03:12 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-07-07 18:55 . 2015-02-03 03:12 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-07-07 18:53 . 2015-05-23 03:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-07-07 18:52 . 2015-05-25 18:19 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-07 18:50 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-07-07 18:50 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
2015-07-07 18:50 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-07 18:50 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-07-07 18:48 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-07-07 18:47 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-07-07 18:47 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-07-07 18:47 . 2015-03-05 05:12 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-07-07 18:47 . 2015-03-05 04:05 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-07 18:47 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-07-07 18:47 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-07-07 18:37 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-07-07 18:37 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-07-07 18:37 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-07-07 18:37 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-07-07 18:37 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-07-07 18:37 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-07-07 18:37 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-07-07 18:36 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-07-07 18:36 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-07-07 18:36 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-07-07 18:35 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-07-07 18:35 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-07-07 18:35 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-07-07 18:35 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-07-07 18:35 . 2015-07-07 18:34 320424 ----a-w- c:\windows\system32\javaws.exe
2015-07-07 18:34 . 2015-07-07 18:34 189864 ----a-w- c:\windows\system32\javaw.exe
2015-07-07 18:34 . 2015-07-07 18:34 189864 ----a-w- c:\windows\system32\java.exe
2015-07-07 18:32 . 2015-07-07 18:34 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-07-07 18:28 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-07-07 18:28 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-07-02 16:03 . 2015-07-02 16:03 -------- d-----w- c:\program files (x86)\VIA
2015-07-02 16:03 . 2009-07-14 07:40 504320 ------w- c:\windows\difxapi.dll
2015-07-02 15:55 . 2015-01-21 11:57 110896 ----a-w- c:\windows\system32\drivers\ViaUsbAudio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-26 12:09 . 2015-04-12 16:49 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-25 21:21 . 2013-12-28 21:43 150160 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-25 21:21 . 2014-05-04 14:09 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-25 21:21 . 2013-06-19 16:26 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-07-25 21:21 . 2013-06-19 16:26 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-25 21:21 . 2013-06-19 16:26 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-25 21:21 . 2013-06-19 16:25 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-25 21:21 . 2013-06-19 16:25 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-25 21:20 . 2013-06-19 16:26 1048856 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-16 20:23 . 2013-06-20 14:38 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-16 20:23 . 2013-06-20 14:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 06:41 . 2015-04-12 16:48 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2015-04-12 16:48 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2015-04-12 16:48 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-15 13:04 . 2013-06-21 08:57 2574304 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2015-05-26 22:04 . 2013-06-19 15:05 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:19 . 2015-07-07 18:52 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:01 . 2015-07-07 18:52 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-07-07 18:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-06-20 22012688]
"AccelerometerSysTrayApplet"="c:\program files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe" [2013-06-11 75584]
"f.lux"="c:\users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-24 290688]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-09-12 334240]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-13 5515496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-29 636032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Petr\AppData\Local\Temp\GPU-Z.sys;c:\users\Petr\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UsbAudio10;Audio-gd USB Device Driver(AVSTREAM);c:\windows\system32\drivers\ViaUsbAudio.sys;c:\windows\SYSNATIVE\drivers\ViaUsbAudio.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 ngvss;ngvss; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 Ext2Fsd;Ext2 File System;c:\windows\system32\Drivers\Ext2Fsd.sys;c:\windows\SYSNATIVE\Drivers\Ext2Fsd.sys [x]
S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 ParagonLDM;ParagonLDM;c:\windows\system32\drivers\biont_bs.sys;c:\windows\SYSNATIVE\drivers\biont_bs.sys [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 XTU3SERVICE;Intel(R) Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-25 18:16 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000Core.job
- c:\users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 10:43]
.
2015-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000UA.job
- c:\users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 10:43]
.
2015-07-19 c:\windows\Tasks\HPCeeScheduleForPetr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-13 20:31 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 439064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-12 1664000]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=13415
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 195.178.88.66
TCP: Interfaces\{3095CDBF-813B-498F-9934-1FD9DBD3F01A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{7E6A6E78-D9FD-4E4A-AB36-41ECD558E531}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.domovska-stranka.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG17.00.00.01PROFESSIONAL"="EBB3387F203B23EEA29F90B0B580B5A8DEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14078EDD5E5BE2F6E667FEBC9E127BECC74CC038D530D6EB3452E0AB031BFA96263E26194E8490115F12352C37CA19F420DA521F6F2DB0C56291DC71A21AC88D63F630B990539C8D05E99DBE3374ADC5428F72667EC25146B0CB0C6DA84C51D5950B827802D919E7025A5DF1652FF1DC8C50D42EAC99D61710C1B371BD534F677E51B437A831DE334341F7D149A70188B52092D08C143DE59E3E9DC432653F67C4785D4929840CB516D0FADD011DB9CCD4D5471A592843915CD99420F44C62B4F27F9C7250138466AF0E730C4DE5415FE51B914B6DDCEDAC2F06EA321D66BE5E77BB12F00B2FECF427D1734397E77BA9CA6F94994CD206FEE086731D65281CA9A555E5736EC1AF42F5CB13DEECA0174BC6277A2F99B897841EF188762A15870FB1CA409AAFC4FA647E7C6CB0FA20009782E5EB281E5471EC7AB485486FC7543BB76BCD00AAC7C12482BA1EFA970BEB9389A99B14467FA91B68904C91D870940E365CC22DDDEE397E2AAE4B76B998D0FA4E3FBA7A24A797A6C3964143B1CEA41D0E1752A2EB6FDA2700D819CF7C16E8BB25C981D26CCCD6DBC7AE4C43E73C1E3087E737D11C976780730834A5A1E4367844BF2C0B7786C6B91896DAEC0D20E5C34C6F2FA259C35DA65863490D0C75F807C8EC7A82437B8D73B85D5C8BD6F89E0969A17CEEB2E8076667658C8D43543AF234EF2F116F6A13719265C6651F5BB1E353C8E2085A0E6BC139D9B4A3F31C437AE93B12FCC0A482CE7467122CE36C4D6CDF012E2FA74E596CCEE4FA3F6D7BA590B3947005A00E4C5A0FEFBB0D47656270493BAA1B965863510C7A9F442439B2D9BB9718591D22A418F7DCC2240F1525EE2D3CAAF844EF608EB6E4E30BAF2C813394B3DC9E656C0440A8E4AD05A4DE109E0F1C0365F46E69F47CC28FDECCC16EAAB0AB176FCF0FA53DFD8C84B317B75EE5D4480D740EBA5D09E905EB00597918816A9522D7533F0B30B9B1532C182A9362C881292E1CD7DC86F4F049235A66612F7C5B5D580F45F76B8104AB5C7C54F3E399DCB60C4CD750597422F8EFF8B2F1DD093EAD67C180F3F5DE0721A43E6A876FD9439A7DF361DFA222845381FE1B346D134F796C52DFCB0C3E124D5C7DB01C3E00F0C0E50830FA399FDAB0E95E6D586E83F4AC45C8E90F9DF1D04CCDF88044BBE5F5951C2414D326EEBAF02BA8105028A66A37C2D13812CDAF433F35194BD208CA388AEA07EFDFA6780D773E18FA54162DBF0CAABEF7EC730FBDCAC6E61063F94FEF1511133BD9AD8611A98F87B85F64AAD5A43584E87C9B8F6717281068CF97FBAAAF435080BEDE49D7F27EF5EB30F718647A103B61E08411"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\lkads.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lktsrv.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-07-26 14:19:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-26 12:19
.
Před spuštěním: Volných bajtů: 410 774 077 440
Po spuštění: Volných bajtů: 410 687 365 120
.
- - End Of File - - 7681EF12DF7304945C584ABD1A71D525
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119675
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Neodstranitelný malware

#12 Příspěvek od Rudy »

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

File::
c:\windows\system32\drivers\aswB947.tmp
c:\windows\system32\drivers\aswB31E.tmp
c:\windows\system32\drivers\aswAEBA.tmp
c:\windows\system32\drivers\aswA99B.tmp
c:\windows\system32\drivers\aswA4F8.tmp
c:\windows\system32\drivers\aswA065.tmp
c:\windows\system32\drivers\asw99EE.tmp
c:\windows\system32\drivers\asw7F4C.tmp

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Uložte bna plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Lemmy11
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 25 črc 2015 12:54

Re: Neodstranitelný malware

#13 Příspěvek od Lemmy11 »

Provedeno - Malwarebytes stále detekuje to samé, ale je to v kategorii Potenciálně nebezpečný program, takže to může být jenom špatná detekce. Přikládám výpis z ComboFixu. Netuším co se mu nelíbilo na souboru test.txt, který obsahoval jenom pár číselných hodnot.



ComboFix 15-07-23.01 - Petr 26.07.2015 17:24:16.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8073.5905 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\asw7F4C.tmp"
"c:\windows\system32\drivers\asw99EE.tmp"
"c:\windows\system32\drivers\aswA065.tmp"
"c:\windows\system32\drivers\aswA4F8.tmp"
"c:\windows\system32\drivers\aswA99B.tmp"
"c:\windows\system32\drivers\aswAEBA.tmp"
"c:\windows\system32\drivers\aswB31E.tmp"
"c:\windows\system32\drivers\aswB947.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
C:\test.txt
c:\windows\system32\drivers\asw7F4C.tmp
c:\windows\system32\drivers\asw99EE.tmp
c:\windows\system32\drivers\aswA065.tmp
c:\windows\system32\drivers\aswA4F8.tmp
c:\windows\system32\drivers\aswA99B.tmp
c:\windows\system32\drivers\aswAEBA.tmp
c:\windows\system32\drivers\aswB31E.tmp
c:\windows\system32\drivers\aswB947.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-26 do 2015-07-26 )))))))))))))))))))))))))))))))
.
.
2015-07-26 15:36 . 2015-07-26 15:36 -------- d-----w- c:\users\MSSQL$SQLEXPRESS\AppData\Local\temp
2015-07-26 15:36 . 2015-07-26 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-26 11:52 . 2015-07-26 11:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{468A8A41-5454-49DB-8EF4-AF5CCD65AD6D}\offreg.3940.dll
2015-07-25 21:21 . 2015-07-25 21:20 115152 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-07-25 21:21 . 2015-07-25 21:21 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-07-25 21:20 . 2015-07-25 21:20 43112 ----a-w- c:\windows\avastSS.scr
2015-07-25 21:02 . 2015-07-25 21:02 -------- d-----w- C:\_OTM
2015-07-25 18:06 . 2015-07-25 18:21 -------- d-----w- C:\AdwCleaner
2015-07-25 11:11 . 2015-07-25 21:15 -------- d-----w- c:\program files\trend micro
2015-07-25 11:11 . 2015-07-25 11:12 -------- d-----w- C:\rsit
2015-07-23 08:24 . 2015-07-23 08:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{468A8A41-5454-49DB-8EF4-AF5CCD65AD6D}\offreg.4440.dll
2015-07-23 08:17 . 2015-07-15 01:12 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{468A8A41-5454-49DB-8EF4-AF5CCD65AD6D}\mpengine.dll
2015-07-17 15:13 . 2015-07-17 15:13 -------- d-----w- c:\program files (x86)\Paragon Software
2015-07-17 15:07 . 2015-06-09 21:03 787576 ----a-w- c:\windows\system32\drivers\ext2fsd.sys
2015-07-17 15:07 . 2015-07-17 15:07 -------- d-----w- c:\program files\Ext2Fsd
2015-07-17 13:09 . 2015-07-17 13:09 -------- d-----w- c:\program files (x86)\Microsoft IoT
2015-07-17 13:08 . 2015-07-17 13:08 -------- d-----w- c:\program files (x86)\DiskInternals
2015-07-09 10:34 . 2015-07-09 10:34 -------- d-----w- c:\users\Petr\AppData\Local\GWX
2015-07-08 17:40 . 2015-07-08 17:40 -------- d-----w- c:\program files (x86)\FreeCommander XE
2015-07-08 17:40 . 2015-07-08 17:40 -------- d-----w- c:\users\Petr\AppData\Local\FreeCommanderXE
2015-07-07 20:44 . 2015-07-07 20:44 -------- d-s---w- c:\windows\SysWow64\GWX
2015-07-07 20:44 . 2015-07-07 20:56 -------- d-s---w- c:\windows\system32\GWX
2015-07-07 19:03 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 19:03 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-07 19:00 . 2015-07-07 19:00 -------- d-----w- c:\program files\Microsoft Silverlight
2015-07-07 19:00 . 2015-07-07 19:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2015-07-07 18:55 . 2015-02-03 03:30 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-07-07 18:55 . 2015-02-03 03:12 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2015-07-07 18:55 . 2015-02-03 03:30 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-07-07 18:55 . 2015-02-03 03:12 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2015-07-07 18:55 . 2015-02-03 03:31 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-07-07 18:55 . 2015-02-03 03:12 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-07-07 18:55 . 2015-02-03 03:12 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-07-07 18:53 . 2015-05-23 03:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-07-07 18:52 . 2015-05-25 18:19 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-07 18:50 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-07-07 18:50 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
2015-07-07 18:50 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-07 18:50 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-07-07 18:48 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-07-07 18:47 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-07-07 18:47 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-07-07 18:47 . 2015-03-05 05:12 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-07-07 18:47 . 2015-03-05 04:05 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-07-07 18:47 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-07-07 18:47 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-07-07 18:37 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-07-07 18:37 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-07-07 18:37 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-07-07 18:37 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-07-07 18:37 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-07-07 18:37 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-07-07 18:37 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-07-07 18:36 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-07-07 18:36 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-07-07 18:36 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-07-07 18:35 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-07-07 18:35 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-07-07 18:35 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-07-07 18:35 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-07-07 18:35 . 2015-07-07 18:34 320424 ----a-w- c:\windows\system32\javaws.exe
2015-07-07 18:34 . 2015-07-07 18:34 189864 ----a-w- c:\windows\system32\javaw.exe
2015-07-07 18:34 . 2015-07-07 18:34 189864 ----a-w- c:\windows\system32\java.exe
2015-07-07 18:32 . 2015-07-07 18:34 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-07-07 18:28 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-07-07 18:28 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-07-02 16:03 . 2015-07-02 16:03 -------- d-----w- c:\program files (x86)\VIA
2015-07-02 16:03 . 2009-07-14 07:40 504320 ------w- c:\windows\difxapi.dll
2015-07-02 15:55 . 2015-01-21 11:57 110896 ----a-w- c:\windows\system32\drivers\ViaUsbAudio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-26 15:38 . 2015-04-12 16:49 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-25 21:21 . 2013-12-28 21:43 150160 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-07-25 21:21 . 2014-05-04 14:09 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-07-25 21:21 . 2013-06-19 16:26 447944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-07-25 21:21 . 2013-06-19 16:26 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-07-25 21:21 . 2013-06-19 16:26 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-07-25 21:21 . 2013-06-19 16:25 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-07-25 21:21 . 2013-06-19 16:25 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-07-25 21:20 . 2013-06-19 16:26 1048856 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-07-16 20:23 . 2013-06-20 14:38 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-16 20:23 . 2013-06-20 14:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 06:41 . 2015-04-12 16:48 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 06:41 . 2015-04-12 16:48 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 06:41 . 2015-04-12 16:48 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-15 13:04 . 2013-06-21 08:57 2574304 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2015-05-26 22:04 . 2013-06-19 15:05 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:19 . 2015-07-07 18:52 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:01 . 2015-07-07 18:52 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-07-07 18:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 151576 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-06-20 22012688]
"AccelerometerSysTrayApplet"="c:\program files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe" [2013-06-11 75584]
"f.lux"="c:\users\Petr\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-24 290688]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-09-12 334240]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-06-13 5515496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-29 636032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Petr\AppData\Local\Temp\GPU-Z.sys;c:\users\Petr\AppData\Local\Temp\GPU-Z.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 RsFx0201;RsFx0201 Driver;c:\windows\system32\DRIVERS\RsFx0201.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 ngvss;ngvss; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Paragon Software\Paragon ExtFS for Windows\Dokan\DokanLibrary\mounter.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 Ext2Fsd;Ext2 File System;c:\windows\system32\Drivers\Ext2Fsd.sys;c:\windows\SYSNATIVE\Drivers\Ext2Fsd.sys [x]
S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 ParagonLDM;ParagonLDM;c:\windows\system32\drivers\biont_bs.sys;c:\windows\SYSNATIVE\drivers\biont_bs.sys [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 XTU3SERVICE;Intel(R) Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 UsbAudio10;Audio-gd USB Device Driver(AVSTREAM);c:\windows\system32\drivers\ViaUsbAudio.sys;c:\windows\SYSNATIVE\drivers\ViaUsbAudio.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-25 18:16 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000Core.job
- c:\users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 10:43]
.
2015-07-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3068799367-1245275925-3185582627-1000UA.job
- c:\users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24 10:43]
.
2015-07-19 c:\windows\Tasks\HPCeeScheduleForPetr.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30 184856 ----a-w- c:\users\Petr\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-13 20:31 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-06-20 11:48 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 439064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-12 1664000]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=13415
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 195.178.88.66
TCP: Interfaces\{3095CDBF-813B-498F-9934-1FD9DBD3F01A}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{7E6A6E78-D9FD-4E4A-AB36-41ECD558E531}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\rt2ob5hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.domovska-stranka.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG17.00.00.01PROFESSIONAL"="EBB3387F203B23EEA29F90B0B580B5A8DEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D14078EDD5E5BE2F6E667FEBC9E127BECC74CC038D530D6EB3452E0AB031BFA96263E26194E8490115F12352C37CA19F420DA521F6F2DB0C56291DC71A21AC88D63F630B990539C8D05E99DBE3374ADC5428F72667EC25146B0CB0C6DA84C51D5950B827802D919E7025A5DF1652FF1DC8C50D42EAC99D61710C1B371BD534F677E51B437A831DE334341F7D149A70188B52092D08C143DE59E3E9DC432653F67C4785D4929840CB516D0FADD011DB9CCD4D5471A592843915CD99420F44C62B4F27F9C7250138466AF0E730C4DE5415FE51B914B6DDCEDAC2F06EA321D66BE5E77BB12F00B2FECF427D1734397E77BA9CA6F94994CD206FEE086731D65281CA9A555E5736EC1AF42F5CB13DEECA0174BC6277A2F99B897841EF188762A15870FB1CA409AAFC4FA647E7C6CB0FA20009782E5EB281E5471EC7AB485486FC7543BB76BCD00AAC7C12482BA1EFA970BEB9389A99B14467FA91B68904C91D870940E365CC22DDDEE397E2AAE4B76B998D0FA4E3FBA7A24A797A6C3964143B1CEA41D0E1752A2EB6FDA2700D819CF7C16E8BB25C981D26CCCD6DBC7AE4C43E73C1E3087E737D11C976780730834A5A1E4367844BF2C0B7786C6B91896DAEC0D20E5C34C6F2FA259C35DA65863490D0C75F807C8EC7A82437B8D73B85D5C8BD6F89E0969A17CEEB2E8076667658C8D43543AF234EF2F116F6A13719265C6651F5BB1E353C8E2085A0E6BC139D9B4A3F31C437AE93B12FCC0A482CE7467122CE36C4D6CDF012E2FA74E596CCEE4FA3F6D7BA590B3947005A00E4C5A0FEFBB0D47656270493BAA1B965863510C7A9F442439B2D9BB9718591D22A418F7DCC2240F1525EE2D3CAAF844EF608EB6E4E30BAF2C813394B3DC9E656C0440A8E4AD05A4DE109E0F1C0365F46E69F47CC28FDECCC16EAAB0AB176FCF0FA53DFD8C84B317B75EE5D4480D740EBA5D09E905EB00597918816A9522D7533F0B30B9B1532C182A9362C881292E1CD7DC86F4F049235A66612F7C5B5D580F45F76B8104AB5C7C54F3E399DCB60C4CD750597422F8EFF8B2F1DD093EAD67C180F3F5DE0721A43E6A876FD9439A7DF361DFA222845381FE1B346D134F796C52DFCB0C3E124D5C7DB01C3E00F0C0E50830FA399FDAB0E95E6D586E83F4AC45C8E90F9DF1D04CCDF88044BBE5F5951C2414D326EEBAF02BA8105028A66A37C2D13812CDAF433F35194BD208CA388AEA07EFDFA6780D773E18FA54162DBF0CAABEF7EC730FBDCAC6E61063F94FEF1511133BD9AD8611A98F87B85F64AAD5A43584E87C9B8F6717281068CF97FBAAAF435080BEDE49D7F27EF5EB30F718647A103B61E08411"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\lkads.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2015-07-26 17:53:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-07-26 15:53
ComboFix2.txt 2015-07-26 12:19
.
Před spuštěním: Volných bajtů: 410 779 389 952
Po spuštění: Volných bajtů: 410 707 976 192
.
- - End Of File - - 21D07ADEDF6B197AC71E0669F3C8CAE4
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119675
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Neodstranitelný malware

#14 Příspěvek od Rudy »

Smazáno. CF přejmenujte na uninstall a spusťte. CF se odinstaluje. PC by měl být čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Lemmy11
Návštěvník
Návštěvník
Příspěvky: 8
Registrován: 25 črc 2015 12:54

Re: Neodstranitelný malware

#15 Příspěvek od Lemmy11 »

Beru to tedy jako planý poplach.
Děkuji za pomoc.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“