PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use remote assistance services, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
JAnMAcko
Visitor
Posts: 84
Registered: 18 Apr 2009 16:08

Preventive check

#1 Post by JAnMAcko »

Thank you for the check.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jan at 2015-08-27 13:25:09
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 45 GB (19%) free of 237 GB
Total RAM: 3957 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:25:14, on 27.8.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\Program Files (x86)\FastShare\FastShare.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\Jan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSStp] C:\windows\inf\msstp.vbe
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [NextLive] C:\windows\SysWOW64\rundll32.exe ",EntryPoint -m l
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\windows\system32\install\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-442157560-71985194-424515763-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-442157560-71985194-424515763-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - CyberLink - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11712 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
winlogon.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 5271344
\??\C:\windows\system32\conhost.exe "-1322699576-1702028692-1456490067-1318679852-309911614-1631245350877750626-21884026
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\windows\System32\svchost.exe -k utcsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"taskhost.exe"
taskeng.exe {13E5BF29-CD90-4430-B8B1-23CDCEB67E60}
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
WLIDSvcM.exe 2072
"C:\windows\system32\GWX\GWX.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Windows\WindowsMobile\wmdcBase.exe"
taskeng.exe {6A2288CB-3417-4E14-865A-077E374CFCC4}
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe" /h
"C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"
"C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe" hide
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"
"C:\windows\SysWOW64\RunDll32.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe"
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\servicing\TrustedInstaller.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe"
"C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe"
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\windows\System32\alg.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
"C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmprph.exe" -Embedding
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k SDRSVC
"taskhost.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\FastShare\FastShare.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00001e4c
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min /NOSPLASH /SETUPSTART
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -scheduled
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe123_ Global\UsGthrCtrlFltPipeMssGthrPipe123 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520

"C:\Users\Jan\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\DriverToolkit Autorun.job - C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe --autorun
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\MagniPicUpdaterTask{0C825ACD-4020-435C-BF5C-5AD88B946948}.job - C:\ProgramData\Premium\MagniPic\MagniPic.exe /schedule /profile "C:\ProgramData\Premium\MagniPic\profile.ini"

=========Mozilla firefox=========

ProfilePath - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\x0r7v2po.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files (x86)\Mozilla Firefox\components\
nsIBitCometAgent.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npBitCometAgent.dll
nppdf32.dll

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\x0r7v2po.default\extensions\
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\x0r7v2po.default\searchplugins\
ask-search.xml.bak
default-search.xml.bak

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-09 551520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-09 212576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-09 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-09 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-12-01 11660904]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2012-04-25 2817872]
"Windows Mobile-based device management"=C:\windows\WindowsMobile\wmdcBase.exe [2007-05-31 660360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"AdobeBridge"= []
"NextLive"=C:\windows\SysWOW64\rundll32.exe [2009-07-14 44544]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-07-28 53655680]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\windows\system32\install\server.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2015-08-26 782008]
"NeroFilterCheck"=C:\windows\system32\NeroCheck.exe []
"MSStp"=C:\windows\inf\msstp.vbe [2014-03-05 1584]
"Avira Systray"=C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [2015-07-02 134368]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-30 334896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.tscc"=C:\windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\windows\SysWOW64\tsc2_codec64.dll
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux1"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"vidc.pDAD"=prodad-codec.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-27 13:25:09 ----D---- C:\rsit
2015-08-27 12:17:57 ----D---- C:\ProgramData\SmartSound Software Inc
2015-08-27 12:17:56 ----D---- C:\ProgramData\eSellerate
2015-08-27 12:17:56 ----D---- C:\Program Files (x86)\SmartSound Software
2015-08-27 11:49:02 ----D---- C:\Users\Jan\AppData\Roaming\Titler
2015-08-27 11:28:00 ----D---- C:\Users\Jan\AppData\Roaming\proDAD
2015-08-27 11:27:59 ----A---- C:\windows\system32\prodad-codec.dll
2015-08-27 11:27:57 ----D---- C:\ProgramData\proDAD
2015-08-27 11:27:57 ----A---- C:\windows\system32\proDAD-PA-Support.dll
2015-08-27 11:27:56 ----D---- C:\Program Files\proDAD
2015-08-27 11:26:02 ----D---- C:\Program Files\Common Files\NewBlue
2015-08-27 11:25:43 ----D---- C:\Program Files\NewBlue
2015-08-27 11:25:30 ----D---- C:\Program Files (x86)\NewBlue
2015-08-27 11:25:18 ----D---- C:\Program Files (x86)\NSIS Uninstall Information
2015-08-27 11:19:13 ----D---- C:\Program Files\CyberLink
2015-08-27 11:15:41 ----D---- C:\ProgramData\SUPPORTDIR
2015-08-27 11:15:41 ----D---- C:\ProgramData\install_clap
2015-08-20 15:00:14 ----A---- C:\windows\system32\mshtml.dll
2015-08-20 15:00:11 ----A---- C:\windows\SYSWOW64\mshtml.dll
2015-08-19 21:32:15 ----D---- C:\ProgramData\MAGIX
2015-08-19 21:30:36 ----A---- C:\windows\SYSWOW64\GDIPFONTCACHEV1.DAT
2015-08-19 21:30:03 ----D---- C:\Users\Jan\AppData\Roaming\Opera Software
2015-08-19 21:29:41 ----D---- C:\ProgramData\simplitec
2015-08-19 21:29:39 ----A---- C:\windows\SYSWOW64\DLLDEV32i.dll
2015-08-19 21:28:38 ----D---- C:\Program Files (x86)\Opera
2015-08-19 21:24:22 ----D---- C:\Program Files (x86)\FormatFactory
2015-08-17 17:25:46 ----A---- C:\windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 17:25:46 ----A---- C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 17:23:08 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-08-16 13:51:41 ----A---- C:\windows\SYSWOW64\iernonce.dll
2015-08-16 13:51:41 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2015-08-16 13:51:41 ----A---- C:\windows\system32\iertutil.dll
2015-08-16 13:51:40 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2015-08-16 13:51:40 ----A---- C:\windows\system32\ieetwproxystub.dll
2015-08-16 13:51:40 ----A---- C:\windows\system32\ieetwcollector.exe
2015-08-16 13:51:39 ----A---- C:\windows\SYSWOW64\iertutil.dll
2015-08-16 13:51:38 ----A---- C:\windows\SYSWOW64\urlmon.dll
2015-08-16 13:51:38 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2015-08-16 13:51:38 ----A---- C:\windows\system32\iernonce.dll
2015-08-16 13:51:38 ----A---- C:\windows\system32\ie4uinit.exe
2015-08-16 13:51:37 ----A---- C:\windows\SYSWOW64\vbscript.dll
2015-08-16 13:51:37 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2015-08-16 13:51:37 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-08-16 13:51:37 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2015-08-16 13:51:37 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-16 13:51:35 ----A---- C:\windows\SYSWOW64\jscript.dll
2015-08-16 13:51:35 ----A---- C:\windows\SYSWOW64\iesetup.dll
2015-08-16 13:51:35 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2015-08-16 13:51:35 ----A---- C:\windows\system32\urlmon.dll
2015-08-16 13:51:35 ----A---- C:\windows\system32\ieetwcollectorres.dll
2015-08-16 13:51:35 ----A---- C:\windows\system32\iedkcs32.dll
2015-08-16 13:51:34 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2015-08-16 13:51:34 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2015-08-16 13:51:34 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2015-08-16 13:51:34 ----A---- C:\windows\SYSWOW64\ieui.dll
2015-08-16 13:51:34 ----A---- C:\windows\SYSWOW64\ieframe.dll
2015-08-16 13:51:34 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2015-08-16 13:51:34 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-16 13:51:34 ----A---- C:\windows\system32\msfeeds.dll
2015-08-16 13:51:34 ----A---- C:\windows\system32\dxtrans.dll
2015-08-16 13:51:33 ----A---- C:\windows\system32\iesetup.dll
2015-08-16 13:51:33 ----A---- C:\windows\system32\ieapfltr.dll
2015-08-16 13:51:31 ----A---- C:\windows\SYSWOW64\wininet.dll
2015-08-16 13:51:31 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2015-08-16 13:51:31 ----A---- C:\windows\SYSWOW64\jscript9.dll
2015-08-16 13:51:31 ----A---- C:\windows\system32\vbscript.dll
2015-08-16 13:51:31 ----A---- C:\windows\system32\jsproxy.dll
2015-08-16 13:51:31 ----A---- C:\windows\system32\ieUnatt.exe
2015-08-16 13:51:30 ----A---- C:\windows\SYSWOW64\msrating.dll
2015-08-16 13:51:30 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2015-08-16 13:51:30 ----A---- C:\windows\system32\ieui.dll
2015-08-16 13:51:30 ----A---- C:\windows\system32\ieframe.dll
2015-08-16 13:51:30 ----A---- C:\windows\system32\dxtmsft.dll
2015-08-16 13:51:29 ----A---- C:\windows\system32\mshtmlmedia.dll
2015-08-16 13:51:29 ----A---- C:\windows\system32\mshtmled.dll
2015-08-16 13:51:28 ----A---- C:\windows\system32\wininet.dll
2015-08-16 13:51:28 ----A---- C:\windows\system32\jscript9diag.dll
2015-08-16 13:51:28 ----A---- C:\windows\system32\jscript9.dll
2015-08-16 13:51:28 ----A---- C:\windows\system32\jscript.dll
2015-08-16 13:51:27 ----A---- C:\windows\system32\MshtmlDac.dll
2015-08-16 13:51:26 ----A---- C:\windows\system32\msrating.dll
2015-08-16 13:50:01 ----A---- C:\windows\system32\generaltel.dll
2015-08-16 13:50:01 ----A---- C:\windows\system32\devinv.dll
2015-08-16 13:50:00 ----A---- C:\windows\system32\invagent.dll
2015-08-16 13:50:00 ----A---- C:\windows\system32\appraiser.dll
2015-08-16 13:50:00 ----A---- C:\windows\system32\aeinv.dll
2015-08-16 13:50:00 ----A---- C:\windows\system32\acmigration.dll
2015-08-16 13:49:55 ----A---- C:\windows\system32\aepdu.dll
2015-08-16 13:49:53 ----A---- C:\windows\system32\CompatTelRunner.exe
2015-08-16 13:48:13 ----A---- C:\windows\system32\ntoskrnl.exe
2015-08-16 13:48:13 ----A---- C:\windows\system32\ntdll.dll
2015-08-16 13:48:12 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2015-08-16 13:48:12 ----A---- C:\windows\system32\kernel32.dll
2015-08-16 13:48:11 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2015-08-16 13:48:11 ----A---- C:\windows\SYSWOW64\ntdll.dll
2015-08-16 13:48:11 ----A---- C:\windows\system32\sysmain.dll
2015-08-16 13:48:10 ----A---- C:\windows\SYSWOW64\kernel32.dll
2015-08-16 13:48:10 ----A---- C:\windows\system32\lsasrv.dll
2015-08-16 13:48:10 ----A---- C:\windows\system32\KernelBase.dll
2015-08-16 13:48:10 ----A---- C:\windows\system32\drivers\mountmgr.sys
2015-08-16 13:48:09 ----A---- C:\windows\SYSWOW64\kerberos.dll
2015-08-16 13:48:09 ----A---- C:\windows\system32\wow64.dll
2015-08-16 13:48:09 ----A---- C:\windows\system32\winsrv.dll
2015-08-16 13:48:09 ----A---- C:\windows\system32\srcore.dll
2015-08-16 13:48:09 ----A---- C:\windows\system32\rstrui.exe
2015-08-16 13:48:09 ----A---- C:\windows\system32\rpcrt4.dll
2015-08-16 13:48:09 ----A---- C:\windows\system32\kerberos.dll
2015-08-16 13:48:09 ----A---- C:\windows\system32\conhost.exe
2015-08-16 13:48:08 ----A---- C:\windows\SYSWOW64\wdigest.dll
2015-08-16 13:48:08 ----A---- C:\windows\SYSWOW64\schannel.dll
2015-08-16 13:48:08 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2015-08-16 13:48:08 ----A---- C:\windows\SYSWOW64\msv1_0.dll
2015-08-16 13:48:08 ----A---- C:\windows\system32\wdigest.dll
2015-08-16 13:48:08 ----A---- C:\windows\system32\TSpkg.dll
2015-08-16 13:48:08 ----A---- C:\windows\system32\sspicli.dll
2015-08-16 13:48:08 ----A---- C:\windows\system32\smss.exe
2015-08-16 13:48:08 ----A---- C:\windows\system32\schannel.dll
2015-08-16 13:48:08 ----A---- C:\windows\system32\ncrypt.dll
2015-08-16 13:48:08 ----A---- C:\windows\system32\msv1_0.dll
2015-08-16 13:48:08 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2015-08-16 13:48:08 ----A---- C:\windows\system32\drivers\ksecdd.sys
2015-08-16 13:48:08 ----A---- C:\windows\system32\csrsrv.dll
2015-08-16 13:48:07 ----A---- C:\windows\SYSWOW64\TSpkg.dll
2015-08-16 13:48:07 ----A---- C:\windows\SYSWOW64\srclient.dll
2015-08-16 13:48:07 ----A---- C:\windows\SYSWOW64\setup16.exe
2015-08-16 13:48:07 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2015-08-16 13:48:07 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2015-08-16 13:48:07 ----A---- C:\windows\SYSWOW64\cryptbase.dll
2015-08-16 13:48:07 ----A---- C:\windows\SYSWOW64\auditpol.exe
2015-08-16 13:48:07 ----A---- C:\windows\system32\srclient.dll
2015-08-16 13:48:07 ----A---- C:\windows\system32\secur32.dll
2015-08-16 13:48:07 ----A---- C:\windows\system32\ntvdm64.dll
2015-08-16 13:48:07 ----A---- C:\windows\system32\msmmsp.dll
2015-08-16 13:48:07 ----A---- C:\windows\system32\lsass.exe
2015-08-16 13:48:07 ----A---- C:\windows\system32\cryptbase.dll
2015-08-16 13:48:07 ----A---- C:\windows\system32\auditpol.exe
2015-08-16 13:48:06 ----A---- C:\windows\SYSWOW64\secur32.dll
2015-08-16 13:48:06 ----A---- C:\windows\SYSWOW64\rpcrt4.dll
2015-08-16 13:48:06 ----A---- C:\windows\SYSWOW64\credssp.dll
2015-08-16 13:48:06 ----A---- C:\windows\system32\wow64win.dll
2015-08-16 13:48:06 ----A---- C:\windows\system32\wow64cpu.dll
2015-08-16 13:48:06 ----A---- C:\windows\system32\sspisrv.dll
2015-08-16 13:48:06 ----A---- C:\windows\system32\credssp.dll
2015-08-16 13:48:05 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-16 13:48:05 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-16 13:48:05 ----A---- C:\windows\SYSWOW64\wow32.dll
2015-08-16 13:48:05 ----A---- C:\windows\SYSWOW64\sspicli.dll
2015-08-16 13:48:05 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2015-08-16 13:48:05 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2015-08-16 13:48:05 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2015-08-16 13:48:04 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-16 13:48:04 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-16 13:48:03 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-16 13:48:02 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-16 13:48:02 ----A---- C:\windows\SYSWOW64\user.exe
2015-08-16 13:48:02 ----A---- C:\windows\SYSWOW64\instnm.exe
2015-08-16 13:48:02 ----A---- C:\windows\SYSWOW64\apisetschema.dll
2015-08-16 13:48:02 ----A---- C:\windows\SYSWOW64\adtschema.dll
2015-08-16 13:48:02 ----A---- C:\windows\system32\apisetschema.dll
2015-08-16 13:48:02 ----A---- C:\windows\system32\adtschema.dll
2015-08-16 13:48:01 ----A---- C:\windows\SYSWOW64\msobjs.dll
2015-08-16 13:48:01 ----A---- C:\windows\SYSWOW64\msaudite.dll
2015-08-16 13:48:01 ----A---- C:\windows\system32\msobjs.dll
2015-08-16 13:48:01 ----A---- C:\windows\system32\msaudite.dll
2015-08-16 13:47:34 ----A---- C:\windows\SYSWOW64\mstscax.dll
2015-08-16 13:47:34 ----A---- C:\windows\system32\mstscax.dll
2015-08-16 13:47:33 ----A---- C:\windows\SYSWOW64\tsgqec.dll
2015-08-16 13:47:33 ----A---- C:\windows\SYSWOW64\aaclient.dll
2015-08-16 13:47:33 ----A---- C:\windows\system32\tsgqec.dll
2015-08-16 13:47:33 ----A---- C:\windows\system32\aaclient.dll
2015-08-16 13:47:00 ----A---- C:\windows\system32\basesrv.dll
2015-08-16 13:41:20 ----A---- C:\windows\SYSWOW64\WebClnt.dll
2015-08-16 13:41:20 ----A---- C:\windows\SYSWOW64\davclnt.dll
2015-08-16 13:41:20 ----A---- C:\windows\system32\WebClnt.dll
2015-08-16 13:41:20 ----A---- C:\windows\system32\davclnt.dll
2015-08-16 13:41:17 ----A---- C:\windows\SYSWOW64\msxml6.dll
2015-08-16 13:41:17 ----A---- C:\windows\SYSWOW64\msxml3.dll
2015-08-16 13:41:17 ----A---- C:\windows\system32\msxml6.dll
2015-08-16 13:41:17 ----A---- C:\windows\system32\msxml3.dll
2015-08-16 13:41:16 ----A---- C:\windows\SYSWOW64\msxml6r.dll
2015-08-16 13:41:16 ----A---- C:\windows\SYSWOW64\msxml3r.dll
2015-08-16 13:41:16 ----A---- C:\windows\system32\msxml6r.dll
2015-08-16 13:41:16 ----A---- C:\windows\system32\msxml3r.dll
2015-08-16 13:41:14 ----A---- C:\windows\SYSWOW64\DWrite.dll
2015-08-16 13:41:14 ----A---- C:\windows\system32\FntCache.dll
2015-08-16 13:41:14 ----A---- C:\windows\system32\DWrite.dll
2015-08-16 13:41:13 ----A---- C:\windows\system32\win32k.sys
2015-08-16 13:41:13 ----A---- C:\windows\system32\atmfd.dll
2015-08-16 13:41:12 ----A---- C:\windows\SYSWOW64\atmfd.dll
2015-08-16 13:41:09 ----A---- C:\windows\system32\lpk.dll
2015-08-16 13:41:09 ----A---- C:\windows\system32\d3d10warp.dll
2015-08-16 13:41:08 ----A---- C:\windows\SYSWOW64\fontsub.dll
2015-08-16 13:41:08 ----A---- C:\windows\SYSWOW64\dciman32.dll
2015-08-16 13:41:08 ----A---- C:\windows\SYSWOW64\d3d10warp.dll
2015-08-16 13:41:08 ----A---- C:\windows\SYSWOW64\atmlib.dll
2015-08-16 13:41:08 ----A---- C:\windows\system32\fontsub.dll
2015-08-16 13:41:08 ----A---- C:\windows\system32\dciman32.dll
2015-08-16 13:41:08 ----A---- C:\windows\system32\atmlib.dll
2015-08-16 13:41:07 ----A---- C:\windows\SYSWOW64\lpk.dll
2015-08-16 13:40:51 ----A---- C:\windows\SYSWOW64\notepad.exe
2015-08-16 13:40:51 ----A---- C:\windows\system32\notepad.exe
2015-08-16 13:40:51 ----A---- C:\windows\notepad.exe
2015-08-16 13:40:41 ----A---- C:\windows\system32\shell32.dll
2015-08-16 13:40:34 ----A---- C:\windows\SYSWOW64\shell32.dll
2015-08-16 13:39:28 ----A---- C:\windows\system32\wucltux.dll
2015-08-16 13:39:28 ----A---- C:\windows\system32\wuaueng.dll
2015-08-16 13:39:27 ----A---- C:\windows\SYSWOW64\wuwebv.dll
2015-08-16 13:39:27 ----A---- C:\windows\SYSWOW64\wuapi.dll
2015-08-16 13:39:27 ----A---- C:\windows\system32\wuauclt.exe
2015-08-16 13:39:27 ----A---- C:\windows\system32\wuapi.dll
2015-08-16 13:39:26 ----A---- C:\windows\SYSWOW64\wups.dll
2015-08-16 13:39:26 ----A---- C:\windows\SYSWOW64\wudriver.dll
2015-08-16 13:39:26 ----A---- C:\windows\SYSWOW64\wuapp.exe
2015-08-16 13:39:26 ----A---- C:\windows\system32\wuwebv.dll
2015-08-16 13:39:26 ----A---- C:\windows\system32\wups2.dll
2015-08-16 13:39:26 ----A---- C:\windows\system32\wups.dll
2015-08-16 13:39:26 ----A---- C:\windows\system32\wudriver.dll
2015-08-16 13:39:26 ----A---- C:\windows\system32\wuapp.exe
2015-08-16 13:39:26 ----A---- C:\windows\system32\wu.upgrade.ps.dll
2015-08-16 13:39:26 ----A---- C:\windows\system32\WinSetupUI.dll
2015-08-08 12:23:45 ----A---- C:\Users\Jan\AppData\Roaming\JANMAN-PC.MTBF.txt
2015-08-08 12:00:27 ----D---- C:\ProgramData\Pinnacle
2015-08-07 18:31:12 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2015-08-07 18:25:15 ----N---- C:\windows\system32\drivers\PxHlpa64.sys
2015-08-07 18:25:15 ----N---- C:\windows\system32\drivers\cdralw2k.sys
2015-08-07 18:25:15 ----N---- C:\windows\system32\drivers\cdr4_xp.sys
2015-08-06 21:11:06 ----D---- C:\Users\Jan\AppData\Roaming\Sony Creative Software Inc
2015-08-06 20:03:25 ----D---- C:\Program Files (x86)\Sony
2015-08-06 20:03:24 ----D---- C:\Program Files\Sony
2015-08-03 14:31:58 ----D---- C:\Program Files\McAfee Security Scan

======List of files/folders modified in the last 1 month======

2015-08-27 13:25:14 ----D---- C:\windows\Temp
2015-08-27 13:25:11 ----D---- C:\Program Files\trend micro
2015-08-27 13:17:24 ----D---- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2015-08-27 13:17:16 ----D---- C:\windows\inf
2015-08-27 13:17:15 ----D---- C:\windows\debug
2015-08-27 13:17:15 ----D---- C:\Windows
2015-08-27 13:12:33 ----D---- C:\Program Files (x86)\FastShare
2015-08-27 13:10:10 ----D---- C:\windows\system32\Tasks
2015-08-27 13:10:04 ----D---- C:\ProgramData\Adobe
2015-08-27 13:07:49 ----D---- C:\Program Files\Common Files\Adobe
2015-08-27 13:06:53 ----RD---- C:\Program Files
2015-08-27 13:06:48 ----D---- C:\Program Files (x86)
2015-08-27 13:05:31 ----D---- C:\Program Files (x86)\Adobe
2015-08-27 13:05:10 ----D---- C:\windows\SysWOW64
2015-08-27 13:03:35 ----D---- C:\windows\System32
2015-08-27 12:52:09 ----SHD---- C:\windows\Installer
2015-08-27 12:52:09 ----SHD---- C:\Config.Msi
2015-08-27 12:50:04 ----D---- C:\Program Files (x86)\Common Files
2015-08-27 12:48:21 ----SHD---- C:\System Volume Information
2015-08-27 12:42:56 ----D---- C:\windows\Tasks
2015-08-27 12:42:01 ----D---- C:\ProgramData
2015-08-27 12:18:09 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-08-27 12:18:06 ----D---- C:\windows\winsxs
2015-08-27 12:08:39 ----D---- C:\Program Files (x86)\CyberLink
2015-08-27 12:08:27 ----D---- C:\ProgramData\Temp
2015-08-27 12:07:44 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-08-27 11:54:49 ----D---- C:\ProgramData\CyberLink
2015-08-27 11:33:18 ----D---- C:\windows\Prefetch
2015-08-27 11:26:02 ----D---- C:\Program Files\Common Files
2015-08-27 11:18:44 ----D---- C:\ProgramData\Package Cache
2015-08-21 02:09:38 ----D---- C:\windows\rescache
2015-08-19 21:32:15 ----D---- C:\Users\Jan\AppData\Roaming\MAGIX
2015-08-19 21:29:39 ----RSD---- C:\windows\Fonts
2015-08-18 22:14:57 ----D---- C:\Users\Jan\AppData\Roaming\Skype
2015-08-18 22:13:50 ----A---- C:\windows\SYSWOW64\log.txt
2015-08-18 22:07:54 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-17 23:36:09 ----D---- C:\windows\Microsoft.NET
2015-08-17 23:30:10 ----RSD---- C:\windows\assembly
2015-08-17 22:17:41 ----D---- C:\windows\system32\config
2015-08-17 22:15:24 ----D---- C:\Program Files\Microsoft Silverlight
2015-08-17 22:15:23 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-08-17 22:12:10 ----SD---- C:\windows\system32\CompatTel
2015-08-17 22:12:09 ----D---- C:\windows\system32\appraiser
2015-08-17 22:12:08 ----D---- C:\windows\AppPatch
2015-08-17 22:12:04 ----D---- C:\windows\SYSWOW64\cs-CZ
2015-08-17 22:12:02 ----D---- C:\windows\system32\drivers\cs-CZ
2015-08-17 22:12:02 ----D---- C:\windows\system32\cs-CZ
2015-08-17 22:11:58 ----D---- C:\windows\system32\drivers
2015-08-17 22:11:50 ----D---- C:\Program Files\Internet Explorer
2015-08-17 22:11:48 ----D---- C:\windows\SYSWOW64\en-US
2015-08-17 22:11:46 ----D---- C:\windows\system32\en-US
2015-08-17 22:11:45 ----D---- C:\Program Files (x86)\Internet Explorer
2015-08-17 21:43:33 ----D---- C:\Users\Jan\AppData\Roaming\vlc
2015-08-17 17:27:48 ----D---- C:\ProgramData\Microsoft Help
2015-08-17 17:26:29 ----D---- C:\windows\system32\catroot2
2015-08-17 08:52:27 ----D---- C:\windows\system32\MRT
2015-08-17 08:40:30 ----A---- C:\windows\system32\MRT.exe
2015-08-17 08:40:06 ----D---- C:\windows\system32\catroot
2015-08-16 14:08:20 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-08-16 12:35:49 ----D---- C:\ProgramData\Skype
2015-08-16 12:35:16 ----RD---- C:\Program Files (x86)\Skype
2015-08-08 12:15:44 ----D---- C:\windows\system32\DriverStore
2015-08-07 18:32:30 ----D---- C:\Users\Jan\AppData\Roaming\Adobe
2015-08-07 18:32:09 ----D---- C:\Users\Jan\AppData\Roaming\PACE Anti-Piracy
2015-08-07 18:32:09 ----D---- C:\ProgramData\PACE Anti-Piracy
2015-08-06 20:52:18 ----D---- C:\Users\Jan\AppData\Roaming\Sony
2015-08-04 15:41:41 ----SD---- C:\Users\Jan\AppData\Roaming\Microsoft
2015-08-03 14:31:57 ----D---- C:\ProgramData\McAfee Security Scan
2015-07-28 12:35:37 ----D---- C:\windows\SoftwareDistribution
2015-07-28 11:20:08 ----D---- C:\ProgramData\BtCrashDumps

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-04-27 540696]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2014-01-01 386680]
R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys [2015-07-23 141416]
R1 avkmgr;avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [2013-12-10 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-05 283200]
R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2010-10-07 13824]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
R2 avgntflt;avgntflt; C:\windows\system32\DRIVERS\avgntflt.sys [2015-07-23 162528]
R2 avnetflt;avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [2015-03-10 44088]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-07-05 4745280]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2013-11-17 598808]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2013-11-17 184144]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2013-11-17 210984]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2013-11-17 39976]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2013-11-17 21544]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2012-04-25 258896]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2010-12-01 2647528]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-25 409192]
R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 12288]
S0 TPkd;TPkd; C:\windows\system32\drivers\TPkd.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2012-11-16 19968]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 WinUsb;Ovladač WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2015-08-26 461672]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2015-08-26 461672]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2013-02-27 1008344]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-07-01 325656]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2012-08-30 891240]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
R2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2013-02-27 76888]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-12-01 244904]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-01 614664]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2015-07-23 887128]
S2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2015-07-02 218816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-06-25 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-16 269000]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2015-07-16 114688]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [2015-06-26 289256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-17 149160]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Samsung UPD Service;Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-09-04 1255736]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2015-08-26 1213072]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Preventive check

#2 Post by Roli »

Hello, delete unneeded files

using CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, change what runs at system startup, and restore the system


Via Start >> All Programs >> Accessories >> Run >> type services.msc >> Enter. Find the service:

NBService - Nero AG
NMIndexingService - Nero AG
NVIDIA Update Service Daemon
Cyberlink RichVideo Service(CRVS) (RichVideo)
Cyberlink RichVideo64 Service(CRVS) (RichVideo64)
Google Update Service (gupdate)
Google Update Service (gupdatem)


Double-clicking opens its properties dialog, where you first stop the service with the Stop button, then under Startup type select Disabled and click OK.


In the Task Scheduler Library, disable Google Update; it will be there several times.


Download AdwCleaner and save it to the desktop,

close all programs including the browser and double-click to run it,

a window appears where you click Scan at the top left.

After the scan finishes, click Clean,

the PC will restart and the junk will be deleted.

Then copy the Report here for me.


Download and run OTMoveIt

into the left pane of the application, under Paste Instructions for Items to be Moved, copy this text:

Code:

:processes
explorer.exe       

:files
C:\windows\inf\msstp.vbe

:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"MSStp"=-

:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! and info about the performed action will appear in the right green pane of the application; copy the contents of the pane here,

if the application asks for a restart, click YES

in that case copy here the contents of the log saved in C:\_OTMoveIt\MovedFiles\
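Added example, not part of Roli's post or of RSIT itself: a Python check that parses RSIT driver/service lines using the state and start-type codes from the log's section headers, and reports which of the services named in post #2 are not yet stopped and disabled. The sample lines are copied from the log above; the function and constant names are this example's own.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Codes as given in the RSIT section headers.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "<state><start> <name>;<display name>; <image path> [<file date> <file size>]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the RSIT log in post #1.
PAGE_SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S0 TPkd;TPkd; C:\windows\system32\drivers\TPkd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-12-01 244904]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-01 614664]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24 107912]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2015-08-26 1213072]
"""

# Services post #2 asks to stop and disable, by service name or display name.
HELPER_TARGETS = [
    "NBService", "NMIndexingService", "NVIDIA Update Service Daemon",
    "RichVideo", "RichVideo64", "gupdate", "gupdatem",
]


class Entry(NamedTuple):
    name: str
    display: str
    state: str
    start: str
    path: str
    file_date: Optional[str]
    file_size: Optional[int]


def parse_entries(log_text: str) -> List[Entry]:
    """Return one Entry per driver/service line; other log lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other RSIT sections
        meta = m.group("meta").split()
        has_info = len(meta) == 2 and meta[1].isdigit()
        entries.append(Entry(
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            state=STATE[m.group("state")],
            start=START[m.group("start")],
            path=m.group("path"),
            file_date=meta[0] if has_info else None,
            file_size=int(meta[1]) if has_info else None,
        ))
    return entries


def pending_targets(log_text: str, targets: List[str]) -> Dict[str, str]:
    """Map each target that is not yet Stopped + Disabled to its current status."""
    by_key: Dict[str, Entry] = {}
    for e in parse_entries(log_text):
        by_key[e.name] = e                # service name takes precedence
        by_key.setdefault(e.display, e)   # display name as a fallback key
    pending = {}
    for target in targets:
        e = by_key.get(target)
        if e is None:
            pending[target] = "not in log"
        elif (e.state, e.start) != ("Stopped", "Disabled"):
            pending[target] = f"{e.state}, {e.start}"
    return pending


def without_file_info(entries: List[Entry]) -> List[str]:
    """Names of entries whose brackets carry no file date/size in the log."""
    return [e.name for e in entries if e.file_date is None]


if __name__ == "__main__":
    for target, status in pending_targets(PAGE_SAMPLE, HELPER_TARGETS).items():
        print(f"{target}: {status}")
    print("no file info:", without_file_info(parse_entries(PAGE_SAMPLE)))
```

Running the same check on a fresh RSIT log taken after the services were disabled should return an empty result for the seven targets.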

JAnMAcko
Visitor
Posts: 84
Registered: 18 Apr 2009 16:08

Re: Preventive check

#3 Post by JAnMAcko »

report from adw

# AdwCleaner v5.004 - Logfile created 28/08/2015 at 08:26:19
# Updated 26/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jan - JANMAN-PC
# Running from : C:\Users\Jan\Desktop\adwcleaner_5.004.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\SiteLookup
[-] Folder Deleted : C:\Program Files (x86)\Smart Driver Updater
[-] Folder Deleted : C:\Program Files (x86)\PANDORA.TV
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\simplitec
[-] Folder Deleted : C:\Users\Jan\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Jan\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Jan\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Jan\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihhddmggpeikkghdagfkoijjhbghfngm
[-] Folder Deleted : C:\Users\Jan\AppData\Local\Temp\apn
[-] Folder Deleted : C:\Users\Jan\AppData\Roaming\GrabPro
[-] Folder Deleted : C:\Users\Jan\AppData\Roaming\newnext.me
[-] Folder Deleted : C:\Users\Jan\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\Jan\AppData\Roaming\SimilarSites
[-] Folder Deleted : C:\Users\Jan\AppData\Roaming\ProgSense

***** [ Files ] *****

[-] File Deleted : C:\Users\Jan\daemonprocess.txt

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\0d79c293c1ed61418462e24595c90d04
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\IGearSettings
[-] Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\ProgSense
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKLM\SOFTWARE\APN PIP
[-] Key Deleted : HKLM\SOFTWARE\simplitec
[-] Key Deleted : HKLM\SOFTWARE\SmdmF
[-] Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\IGearSettings
[!] Key Not Deleted : [x64] HKCU\Software\PrivitizeVPNInstallDates
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\ProgSense
[!] Key Not Deleted : [x64] HKCU\Software\DriverToolkit
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5595 bytes] ##########

JAnMAcko
Visitor
Posts: 84
Registered: 18 Apr 2009 16:08

Re: Preventive check

#4 Post by JAnMAcko »

and the rest from otm

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\windows\inf\msstp.vbe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\MSStp deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jan
->Temp folder emptied: 20264842 bytes
->Temporary Internet Files folder emptied: 1312364 bytes
->Java cache emptied: 741304 bytes
->FireFox cache emptied: 369955789 bytes
->Flash cache emptied: 59121 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 301056 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7832 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 23694708 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 397.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 08282015_083946

Files moved on Reboot...
C:\Users\Jan\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Users\Jan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: Preventive check

#5 Post by Roli »

Run OTMoveIt again and click CleanUP! at the top of the application;

this makes it clean up after itself.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the license terms will then appear, which you confirm by clicking YES,

then click YES once more and it is running.

The whole process takes around 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,

because Combofix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.

JAnMAcko
Visitor
Posts: 84
Registered: 18 Apr 2009 16:08

Re: Preventive check

#6 Post by JAnMAcko »

ComboFix 15-08-27.01 - Jan 30.08.2015 15:25:43.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3957.2154 [GMT 2:00]
Spuštěný z: c:\users\Jan\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\users\Jan\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\IsUn0405.exe
c:\windows\SysWow64\install
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-07-28 do 2015-08-30 )))))))))))))))))))))))))))))))
.
.
2015-08-30 13:49 . 2015-08-30 13:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A6D540C-319F-41C2-A9F0-264660275924}\offreg.1272.dll
2015-08-28 06:23 . 2015-08-28 06:26 -------- d-----w- C:\AdwCleaner
2015-08-28 06:21 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A6D540C-319F-41C2-A9F0-264660275924}\mpengine.dll
2015-08-27 10:17 . 2015-08-27 10:18 -------- d-----w- c:\programdata\SmartSound Software Inc
2015-08-27 10:17 . 2015-08-27 10:17 -------- d-----w- c:\programdata\eSellerate
2015-08-27 10:17 . 2015-08-27 10:17 -------- d-----w- c:\program files (x86)\SmartSound Software
2015-08-27 09:49 . 2015-08-27 09:49 -------- d-----w- c:\users\Jan\AppData\Roaming\Titler
2015-08-27 09:28 . 2015-08-27 09:28 -------- d-----w- c:\users\Jan\AppData\Roaming\proDAD
2015-08-27 09:27 . 2014-09-04 20:02 607256 ----a-w- c:\windows\system32\prodad-codec.dll
2015-08-27 09:27 . 2015-08-27 09:27 -------- d-----w- c:\programdata\proDAD
2015-08-27 09:27 . 2014-09-04 20:02 375832 ----a-w- c:\windows\system32\proDAD-PA-Support.dll
2015-08-27 09:27 . 2015-08-27 09:27 -------- d-----w- c:\program files\proDAD
2015-08-27 09:26 . 2015-08-27 09:26 -------- d-----w- c:\program files\Common Files\NewBlue
2015-08-27 09:25 . 2015-08-27 09:27 -------- d-----w- c:\program files\NewBlue
2015-08-27 09:25 . 2015-08-27 09:25 -------- d-----w- c:\program files (x86)\Common Files\NewBlue
2015-08-27 09:25 . 2015-08-27 09:27 -------- d-----w- c:\program files (x86)\NewBlue
2015-08-27 09:25 . 2015-08-27 09:32 -------- d-----w- c:\program files (x86)\NSIS Uninstall Information
2015-08-27 09:19 . 2015-08-27 09:26 -------- d-----w- c:\program files\CyberLink
2015-08-27 09:15 . 2015-08-27 10:19 -------- d-----w- c:\programdata\SUPPORTDIR
2015-08-27 09:15 . 2015-08-27 10:18 -------- d-----w- c:\programdata\install_clap
2015-08-20 13:00 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-20 13:00 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-20 13:00 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-19 19:32 . 2015-08-19 19:32 -------- d-----w- c:\programdata\MAGIX
2015-08-19 19:30 . 2015-08-19 19:30 -------- d-----w- c:\users\Jan\AppData\Local\Opera Software
2015-08-19 19:30 . 2015-08-19 19:30 -------- d-----w- c:\users\Jan\AppData\Roaming\Opera Software
2015-08-19 19:29 . 2015-05-06 14:54 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2015-08-19 19:28 . 2015-08-27 10:48 -------- d-----w- c:\program files (x86)\Opera
2015-08-19 19:24 . 2015-08-19 19:24 -------- d-----w- c:\program files (x86)\FormatFactory
2015-08-17 15:25 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 15:25 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 11:50 . 2015-08-28 08:49 -------- d-----w- c:\users\Jan\AppData\Local\Windows Live
2015-08-16 11:50 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-16 11:50 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-16 11:50 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-16 11:50 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-16 11:50 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-16 11:50 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-16 11:49 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-16 11:49 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-16 11:47 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-16 11:47 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-16 11:47 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-16 11:47 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-16 11:47 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-16 11:47 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-16 11:47 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-16 11:40 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-16 11:40 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-16 11:40 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-16 11:40 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-08 10:24 . 2015-08-18 20:22 -------- d-----w- c:\users\Jan\temp
2015-08-08 10:23 . 2015-08-18 20:19 -------- d-----w- c:\users\Jan\AppData\Local\Pinnacle
2015-08-08 10:00 . 2015-08-27 10:51 -------- d-----w- c:\programdata\Pinnacle
2015-08-07 16:31 . 2015-08-27 10:57 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-08-07 16:25 . 2015-08-07 16:25 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2015-08-07 16:25 . 2015-08-07 16:25 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2015-08-07 16:25 . 2011-11-03 01:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2015-08-07 16:25 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2015-08-07 16:25 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2015-08-06 19:11 . 2015-08-06 19:11 -------- d-----w- c:\users\Jan\AppData\Roaming\Sony Creative Software Inc
2015-08-06 18:03 . 2015-08-06 18:03 -------- d-----w- c:\program files (x86)\Sony
2015-08-06 18:03 . 2015-08-06 18:03 -------- d-----w- c:\program files\Sony
2015-08-03 12:31 . 2015-08-03 12:32 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-17 06:40 . 2012-10-10 16:49 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-16 12:08 . 2012-09-03 12:39 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-16 12:08 . 2012-09-03 12:39 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-23 17:25 . 2013-12-09 22:59 162528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-23 17:25 . 2013-12-09 22:59 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-15 18:10 . 2015-08-16 11:48 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-16 11:48 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-16 11:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-09 11:44 . 2013-12-30 17:32 319584 ----a-w- c:\windows\system32\javaws.exe
2015-07-09 11:44 . 2013-12-30 17:32 206944 ----a-w- c:\windows\system32\javaw.exe
2015-07-09 11:44 . 2013-12-30 17:32 206432 ----a-w- c:\windows\system32\java.exe
2015-07-09 11:44 . 2013-12-30 17:32 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-07-09 11:42 . 2015-07-09 11:46 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-04 18:07 . 2015-07-15 10:23 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 10:23 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-15 10:38 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 10:38 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-15 21:50 . 2015-07-15 10:21 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 10:21 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 10:21 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 10:21 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 10:21 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 10:21 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 10:21 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 10:21 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 10:21 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 10:21 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 10:21 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 10:21 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-02 00:07 . 2015-07-15 10:47 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-15 10:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-07-28 53655680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-08-26 782008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-07-02 134368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-2-27 1395416]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 330456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 12:08]
.
2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 15:17]
.
2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 15:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\x0r7v2po.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8V77DCLX-2H8P-LVKG-K567-R65UEGG248EU} - c:\windows\system32\install\server.exe
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-442157560-71985194-424515763-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-442157560-71985194-424515763-1001\Software\SecuROM\License information*]
"datasecu"=hex:01,30,4a,fb,08,53,ca,30,56,ac,20,47,3e,86,d1,8f,9d,8c,65,98,49,
7c,83,b8,38,d9,91,04,60,77,8c,08,ec,5f,af,25,59,bf,23,95,1f,4f,8e,a4,f1,53,\
"rkeysecu"=hex:ff,85,51,81,23,d8,5b,a2,4e,f4,71,5f,52,73,97,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
.
**************************************************************************
.
Celkový čas: 2015-08-30 16:31:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-08-30 14:31
.
Před spuštěním: Volných bajtů: 55 382 429 696
Po spuštění: Volných bajtů: 54 575 677 440
.
- - End Of File - - A7E4398BF9813F702618E094F5503101

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Preventive check

#7 Post by Roli »

If you have not done so yet, move ComboFix to the desktop,

open Notepad,

and copy the script from the following box into it:

Code:

RegLock:: 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save the TXT file you created to the desktop as CFScript.txt.

After saving, grab the script with the left mouse button, drag it over the ComboFix icon, and drop it there.

After it has been applied, another log will pop out; copy it here.

Warning: it may happen that Windows does not boot after the script is applied and the computer restarts,

in that case restart again while pressing F8 repeatedly, then choose Last Known Good Configuration.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

JAnMAcko
Visitor
Posts: 84
Joined: 18 Apr 2009 16:08

Re: Preventive check

#8 Post by JAnMAcko »

ComboFix 15-08-27.01 - Jan 03.09.2015 21:07:26.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3957.2630 [GMT 2:00]
Spuštěný z: c:\users\Jan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jan\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-03 do 2015-09-03 )))))))))))))))))))))))))))))))
.
.
2015-09-03 19:19 . 2015-09-03 19:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-09-03 19:19 . 2015-09-03 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-03 19:17 . 2015-09-03 19:17 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DDA3B4B-8AEF-44D1-AFF1-CE441C01E4CC}\offreg.1272.dll
2015-09-01 16:32 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DDA3B4B-8AEF-44D1-AFF1-CE441C01E4CC}\mpengine.dll
2015-08-28 06:23 . 2015-08-28 06:26 -------- d-----w- C:\AdwCleaner
2015-08-27 10:17 . 2015-08-27 10:18 -------- d-----w- c:\programdata\SmartSound Software Inc
2015-08-27 10:17 . 2015-08-27 10:17 -------- d-----w- c:\programdata\eSellerate
2015-08-27 10:17 . 2015-08-27 10:17 -------- d-----w- c:\program files (x86)\SmartSound Software
2015-08-27 09:49 . 2015-08-27 09:49 -------- d-----w- c:\users\Jan\AppData\Roaming\Titler
2015-08-27 09:28 . 2015-08-27 09:28 -------- d-----w- c:\users\Jan\AppData\Roaming\proDAD
2015-08-27 09:27 . 2014-09-04 20:02 607256 ----a-w- c:\windows\system32\prodad-codec.dll
2015-08-27 09:27 . 2015-08-27 09:27 -------- d-----w- c:\programdata\proDAD
2015-08-27 09:27 . 2014-09-04 20:02 375832 ----a-w- c:\windows\system32\proDAD-PA-Support.dll
2015-08-27 09:27 . 2015-08-27 09:27 -------- d-----w- c:\program files\proDAD
2015-08-27 09:26 . 2015-08-27 09:26 -------- d-----w- c:\program files\Common Files\NewBlue
2015-08-27 09:25 . 2015-08-27 09:27 -------- d-----w- c:\program files\NewBlue
2015-08-27 09:25 . 2015-08-27 09:25 -------- d-----w- c:\program files (x86)\Common Files\NewBlue
2015-08-27 09:25 . 2015-08-27 09:27 -------- d-----w- c:\program files (x86)\NewBlue
2015-08-27 09:25 . 2015-08-27 09:32 -------- d-----w- c:\program files (x86)\NSIS Uninstall Information
2015-08-27 09:19 . 2015-08-27 09:26 -------- d-----w- c:\program files\CyberLink
2015-08-27 09:15 . 2015-08-27 10:19 -------- d-----w- c:\programdata\SUPPORTDIR
2015-08-27 09:15 . 2015-08-27 10:18 -------- d-----w- c:\programdata\install_clap
2015-08-20 13:00 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-20 13:00 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-20 13:00 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-19 19:32 . 2015-08-19 19:32 -------- d-----w- c:\programdata\MAGIX
2015-08-19 19:30 . 2015-08-19 19:30 -------- d-----w- c:\users\Jan\AppData\Local\Opera Software
2015-08-19 19:30 . 2015-08-19 19:30 -------- d-----w- c:\users\Jan\AppData\Roaming\Opera Software
2015-08-19 19:29 . 2015-05-06 14:54 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2015-08-19 19:28 . 2015-08-27 10:48 -------- d-----w- c:\program files (x86)\Opera
2015-08-19 19:24 . 2015-08-19 19:24 -------- d-----w- c:\program files (x86)\FormatFactory
2015-08-17 15:25 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 15:25 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 11:50 . 2015-08-28 08:49 -------- d-----w- c:\users\Jan\AppData\Local\Windows Live
2015-08-16 11:50 . 2015-07-28 20:05 743424 ----a-w- c:\windows\system32\generaltel.dll
2015-08-16 11:50 . 2015-07-28 20:05 437760 ----a-w- c:\windows\system32\devinv.dll
2015-08-16 11:50 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-16 11:50 . 2015-07-28 20:05 1116672 ----a-w- c:\windows\system32\appraiser.dll
2015-08-16 11:50 . 2015-07-28 20:05 69120 ----a-w- c:\windows\system32\acmigration.dll
2015-08-16 11:50 . 2015-07-28 19:55 1148416 ----a-w- c:\windows\system32\aeinv.dll
2015-08-16 11:49 . 2015-07-28 20:05 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-08-16 11:49 . 2015-07-28 20:09 17344 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-08-16 11:47 . 2015-07-10 17:51 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-08-16 11:47 . 2015-07-10 17:34 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-16 11:47 . 2015-07-10 17:51 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-16 11:47 . 2015-07-10 17:51 158720 ----a-w- c:\windows\system32\aaclient.dll
2015-08-16 11:47 . 2015-07-10 17:34 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-16 11:47 . 2015-07-10 17:33 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-16 11:47 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-16 11:40 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-16 11:40 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-16 11:40 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-16 11:40 . 2015-07-10 17:51 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-08-08 10:24 . 2015-08-18 20:22 -------- d-----w- c:\users\Jan\temp
2015-08-08 10:23 . 2015-08-18 20:19 -------- d-----w- c:\users\Jan\AppData\Local\Pinnacle
2015-08-08 10:00 . 2015-08-27 10:51 -------- d-----w- c:\programdata\Pinnacle
2015-08-07 16:31 . 2015-08-27 10:57 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2015-08-07 16:25 . 2015-08-07 16:25 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2015-08-07 16:25 . 2015-08-07 16:25 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2015-08-07 16:25 . 2011-11-03 01:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2015-08-07 16:25 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2015-08-07 16:25 . 2011-10-17 01:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2015-08-06 19:11 . 2015-08-06 19:11 -------- d-----w- c:\users\Jan\AppData\Roaming\Sony Creative Software Inc
2015-08-06 18:03 . 2015-08-06 18:03 -------- d-----w- c:\program files (x86)\Sony
2015-08-06 18:03 . 2015-08-06 18:03 -------- d-----w- c:\program files\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-17 06:40 . 2012-10-10 16:49 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-16 12:08 . 2012-09-03 12:39 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-16 12:08 . 2012-09-03 12:39 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-23 17:25 . 2013-12-09 22:59 162528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-23 17:25 . 2013-12-09 22:59 141416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-15 18:10 . 2015-08-16 11:48 342016 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55 . 2015-08-16 11:48 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-07-15 17:54 . 2015-08-16 11:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-09 11:44 . 2013-12-30 17:32 319584 ----a-w- c:\windows\system32\javaws.exe
2015-07-09 11:44 . 2013-12-30 17:32 206944 ----a-w- c:\windows\system32\javaw.exe
2015-07-09 11:44 . 2013-12-30 17:32 206432 ----a-w- c:\windows\system32\java.exe
2015-07-09 11:44 . 2013-12-30 17:32 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-07-09 11:42 . 2015-07-09 11:46 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-07-04 18:07 . 2015-07-15 10:23 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 10:23 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:47 . 2015-07-15 10:38 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 10:38 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-15 21:50 . 2015-07-15 10:21 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 10:21 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 10:21 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 10:21 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 10:21 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 10:21 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 10:21 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 10:21 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 10:21 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 10:21 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 10:21 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 10:21 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-07-28 53655680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-08-26 782008]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-07-02 134368]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2013-2-27 1395416]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.11.149\SSScheduler.exe [2015-6-26 330456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.149\McCHSvc.exe [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 12:08]
.
2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 15:17]
.
2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 15:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Search_URL = hxxp://go.microsoft.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\x0r7v2po.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-442157560-71985194-424515763-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-442157560-71985194-424515763-1001\Software\SecuROM\License information*]
"datasecu"=hex:01,30,4a,fb,08,53,ca,30,56,ac,20,47,3e,86,d1,8f,9d,8c,65,98,49,
7c,83,b8,38,d9,91,04,60,77,8c,08,ec,5f,af,25,59,bf,23,95,1f,4f,8e,a4,f1,53,\
"rkeysecu"=hex:ff,85,51,81,23,d8,5b,a2,4e,f4,71,5f,52,73,97,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Celkový čas: 2015-09-03 21:24:06
ComboFix-quarantined-files.txt 2015-09-03 19:24
ComboFix2.txt 2015-08-30 14:31
.
Před spuštěním: Volných bajtů: 49 817 694 208
Po spuštění: Volných bajtů: 49 589 202 944
.
- - End Of File - - 4AA6754B4CB5729DBA6DDD7D52A15199

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: Preventive check

#9 Post by Roli »

Via Start >> Run, copy the following into the box:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes the files and folders associated with it.

Use T-Cleaner, which deletes any leftovers of the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.

Then let me know how the PC behaves.