
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Detected viruses + slowed-down PC
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service: an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello.
Today I ran a full system scan with Avast. It found 2 viruses. I moved them to the Virus Chest. Avast then wanted to run another scan after a restart. I confirmed it. It found 3 more infected files.
Then I copied a movie (about 1 GB) from the PC to a flash drive and it took half an hour, which is much slower than usual. Could you please take a look at this for me? Thank you.
log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Tomáš at 2015-10-29 00:13:02
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 89 GB (56%) free of 160 GB
Total RAM: 4094 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:13:19, on 29.10.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tomáš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.slavoj.cz
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8026 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --incognito
"D:\Dokumenty\ONDRA_dokumenty\Karel Gott\KeePass-2.26\KeePass.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1840.0.440464416\1947638065" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,12,20,45,55 --disable-accelerated-video-decode --gpu-vendor-id=0x10de --gpu-device-id=0x0140 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.908 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group13 pct:1d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process 
--enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="1840.2.1346341373\1030515174" --font-cache-shared-handle=2100 /prefetch:673131151
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group13 pct:1d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" 
--enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="1840.10.681361054\1813823737" --font-cache-shared-handle=4484 /prefetch:673131151
C:\Windows\system32\sppsvc.exe
"C:\Users\Tomáš\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\cdmrwuo1.default
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-02 655480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-02 559624]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-09-21 6134544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-29 00:13:02 ----D---- C:\rsit
2015-10-17 05:55:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-15 16:45:03 ----A---- C:\Windows\system32\invagent.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\generaltel.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\devinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-15 16:45:03 ----A---- C:\Windows\system32\appraiser.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\aeinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\acmigration.dll
2015-10-14 13:06:53 ----A---- C:\Windows\system32\shell32.dll
2015-10-14 13:06:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-14 13:06:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\iernonce.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\ie4uinit.exe
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-10-14 13:06:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\urlmon.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\occache.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\iedkcs32.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:06:37 ----A---- C:\Windows\system32\msfeeds.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\dxtrans.dll
2015-10-14 13:06:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\iesetup.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\ieapfltr.dll
2015-10-14 13:06:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-10-14 13:06:35 ----A---- C:\Windows\system32\iertutil.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-10-14 13:06:34 ----A---- C:\Windows\system32\vbscript.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\jsproxy.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\dxtmsft.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmled.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieui.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieframe.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\wininet.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\webcheck.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\ieUnatt.exe
2015-10-14 13:06:31 ----A---- C:\Windows\system32\msrating.dll
2015-10-14 13:06:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:06:30 ----A---- C:\Windows\system32\mshtml.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wucltux.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wuaueng.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups2.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuauclt.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:05:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-10-14 13:05:27 ----A---- C:\Windows\system32\kernel32.dll
2015-10-14 13:05:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wow64.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\winsrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wdigest.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\srcore.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rstrui.exe
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rpcrt4.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\KernelBase.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\conhost.exe
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64win.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64cpu.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspisrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\smss.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\lsass.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\csrsrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\auditpol.exe
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\user.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-10-14 13:05:24 ----A---- C:\Windows\system32\apisetschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\adtschema.dll
2015-10-14 13:05:06 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidapi.dll
2015-10-14 13:05:05 ----A---- C:\Windows\system32\drivers\appid.sys
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\ucrtbase.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2015-10-29 00:13:05 ----D---- C:\Program Files\trend micro
2015-10-28 23:55:51 ----D---- C:\Windows\system32\config
2015-10-28 23:54:58 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2015-10-28 23:53:45 ----D---- C:\Windows\Prefetch
2015-10-28 23:02:20 ----D---- C:\Windows\Temp
2015-10-28 23:00:02 ----D---- C:\Windows\System32
2015-10-28 23:00:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-28 21:00:55 ----D---- C:\ProgramData\OptimizerPro1
2015-10-28 07:30:26 ----SHD---- C:\System Volume Information
2015-10-18 10:22:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 21:29:40 ----RD---- C:\Program Files (x86)
2015-10-17 18:45:22 ----D---- C:\Windows\SysWOW64
2015-10-17 18:45:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-16 13:19:37 ----SHD---- C:\Windows\Installer
2015-10-15 20:38:14 ----D---- C:\Windows\winsxs
2015-10-15 20:38:06 ----SD---- C:\Windows\system32\CompatTel
2015-10-15 20:38:05 ----D---- C:\Windows\system32\appraiser
2015-10-15 20:38:04 ----D---- C:\Windows\AppPatch
2015-10-15 19:13:14 ----D---- C:\ProgramData\Skype
2015-10-15 18:53:04 ----D---- C:\Windows\system32\Tasks
2015-10-15 16:40:31 ----D---- C:\Windows\system32\catroot2
2015-10-14 18:13:24 ----D---- C:\Windows\rescache
2015-10-14 15:34:33 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-10-14 15:34:33 ----D---- C:\Program Files\Internet Explorer
2015-10-14 15:34:32 ----D---- C:\Windows\SYSWOW64\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\cs-CZ
2015-10-14 15:34:29 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-14 15:34:24 ----D---- C:\Windows\system32\drivers
2015-10-14 15:34:22 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-14 15:34:22 ----D---- C:\Windows\system32\Boot
2015-10-14 13:34:49 ----D---- C:\ProgramData\Microsoft Help
2015-10-14 13:34:31 ----D---- C:\Windows\system32\MRT
2015-10-14 13:29:36 ----A---- C:\Windows\system32\MRT.exe
2015-10-14 13:26:53 ----A---- C:\Windows\win.ini
2015-10-09 14:28:55 ----SD---- C:\Windows\system32\GWX
2015-10-08 18:52:59 ----SD---- C:\Windows\SYSWOW64\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-09-21 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-09-21 274808]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-09-21 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-09-21 1049880]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-09-21 448968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-09-21 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-09-21 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-09-21 153744]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
S3 MOSUMAC;USB-Ethernet Driver; C:\Windows\system32\DRIVERS\USBMAC64.SYS [2012-04-10 48640]
S3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-09-21 146600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-17 147624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-03 1259448]
-----------------EOF-----------------
--enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="1840.10.681361054\1813823737" --font-cache-shared-handle=4484 /prefetch:673131151
C:\Windows\system32\sppsvc.exe
"C:\Users\Tomáš\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\cdmrwuo1.default
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-02 655480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-02 559624]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-09-21 6134544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-29 00:13:02 ----D---- C:\rsit
2015-10-17 05:55:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-15 16:45:03 ----A---- C:\Windows\system32\invagent.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\generaltel.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\devinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-15 16:45:03 ----A---- C:\Windows\system32\appraiser.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\aeinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\acmigration.dll
2015-10-14 13:06:53 ----A---- C:\Windows\system32\shell32.dll
2015-10-14 13:06:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-14 13:06:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\iernonce.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\ie4uinit.exe
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-10-14 13:06:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\urlmon.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\occache.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\iedkcs32.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:06:37 ----A---- C:\Windows\system32\msfeeds.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\dxtrans.dll
2015-10-14 13:06:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\iesetup.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\ieapfltr.dll
2015-10-14 13:06:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-10-14 13:06:35 ----A---- C:\Windows\system32\iertutil.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-10-14 13:06:34 ----A---- C:\Windows\system32\vbscript.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\jsproxy.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\dxtmsft.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmled.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieui.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieframe.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\wininet.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\webcheck.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\ieUnatt.exe
2015-10-14 13:06:31 ----A---- C:\Windows\system32\msrating.dll
2015-10-14 13:06:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:06:30 ----A---- C:\Windows\system32\mshtml.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wucltux.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wuaueng.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups2.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuauclt.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:05:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-10-14 13:05:27 ----A---- C:\Windows\system32\kernel32.dll
2015-10-14 13:05:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wow64.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\winsrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wdigest.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\srcore.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rstrui.exe
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rpcrt4.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\KernelBase.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\conhost.exe
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64win.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64cpu.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspisrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\smss.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\lsass.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\csrsrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\auditpol.exe
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\user.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-10-14 13:05:24 ----A---- C:\Windows\system32\apisetschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\adtschema.dll
2015-10-14 13:05:06 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidapi.dll
2015-10-14 13:05:05 ----A---- C:\Windows\system32\drivers\appid.sys
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\ucrtbase.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2015-10-29 00:13:05 ----D---- C:\Program Files\trend micro
2015-10-28 23:55:51 ----D---- C:\Windows\system32\config
2015-10-28 23:54:58 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2015-10-28 23:53:45 ----D---- C:\Windows\Prefetch
2015-10-28 23:02:20 ----D---- C:\Windows\Temp
2015-10-28 23:00:02 ----D---- C:\Windows\System32
2015-10-28 23:00:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-28 21:00:55 ----D---- C:\ProgramData\OptimizerPro1
2015-10-28 07:30:26 ----SHD---- C:\System Volume Information
2015-10-18 10:22:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 21:29:40 ----RD---- C:\Program Files (x86)
2015-10-17 18:45:22 ----D---- C:\Windows\SysWOW64
2015-10-17 18:45:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-16 13:19:37 ----SHD---- C:\Windows\Installer
2015-10-15 20:38:14 ----D---- C:\Windows\winsxs
2015-10-15 20:38:06 ----SD---- C:\Windows\system32\CompatTel
2015-10-15 20:38:05 ----D---- C:\Windows\system32\appraiser
2015-10-15 20:38:04 ----D---- C:\Windows\AppPatch
2015-10-15 19:13:14 ----D---- C:\ProgramData\Skype
2015-10-15 18:53:04 ----D---- C:\Windows\system32\Tasks
2015-10-15 16:40:31 ----D---- C:\Windows\system32\catroot2
2015-10-14 18:13:24 ----D---- C:\Windows\rescache
2015-10-14 15:34:33 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-10-14 15:34:33 ----D---- C:\Program Files\Internet Explorer
2015-10-14 15:34:32 ----D---- C:\Windows\SYSWOW64\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\cs-CZ
2015-10-14 15:34:29 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-14 15:34:24 ----D---- C:\Windows\system32\drivers
2015-10-14 15:34:22 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-14 15:34:22 ----D---- C:\Windows\system32\Boot
2015-10-14 13:34:49 ----D---- C:\ProgramData\Microsoft Help
2015-10-14 13:34:31 ----D---- C:\Windows\system32\MRT
2015-10-14 13:29:36 ----A---- C:\Windows\system32\MRT.exe
2015-10-14 13:26:53 ----A---- C:\Windows\win.ini
2015-10-09 14:28:55 ----SD---- C:\Windows\system32\GWX
2015-10-08 18:52:59 ----SD---- C:\Windows\SYSWOW64\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-09-21 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-09-21 274808]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-09-21 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-09-21 1049880]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-09-21 448968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-09-21 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-09-21 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-09-21 153744]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
S3 MOSUMAC;USB-Ethernet Driver; C:\Windows\system32\DRIVERS\USBMAC64.SYS [2012-04-10 48640]
S3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-09-21 146600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-17 147624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-03 1259448]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Detected viruses + slowed-down PC
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Detected viruses + slowed-down PC
# AdwCleaner v5.015 - Logfile created 29/10/2015 at 15:59:52
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Tomáš - DRAGON
# Running from : C:\Users\Tomáš\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\GreenTree Applications
[-] Folder Deleted : C:\Program Files (x86)\Mobogenie
[-] Folder Deleted : C:\Program Files (x86)\Optimizer Pro
[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\BetterSoft
[-] Folder Deleted : C:\ProgramData\continuetosave
[-] Folder Deleted : C:\ProgramData\optimizerpro1
[-] Folder Deleted : C:\ProgramData\Premium
[-] Folder Deleted : C:\ProgramData\SoftSafe
[-] Folder Deleted : C:\ProgramData\ytd video downloader
[!] Folder Not Deleted : C:\ProgramData\continuetosave
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
[-] Folder Deleted : C:\Users\Tomáš\AppData\Local\apn
[-] Folder Deleted : C:\Users\Tomáš\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Tomáš\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Tomáš\AppData\Roaming\newnext.me
[-] Folder Deleted : C:\Users\Tomáš\AppData\Roaming\quickclick
***** [ Files ] *****
[-] File Deleted : C:\Users\Public\Desktop\YTD Video Downloader.lnk
[-] File Deleted : C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
[-] File Deleted : C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\incredibar.com
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\incredibar.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{76BA8DBB-B30A-4B5F-BAC0-9419321ABB44}
[!] Key Not Deleted : HKU\S-1-5-21-2942648829-1626241122-2352968032-1000\Software\Microsoft\Internet Explorer\SearchScopes\{76BA8DBB-B30A-4B5F-BAC0-9419321ABB44}
***** [ Web browsers ] *****
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2798 bytes] ##########
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Detected viruses + slowed-down PC
Post a new RSIT log.
Re: Detected viruses + slowed-down PC
Logfile of random's system information tool 1.10 (written by random/random)
Run by Tomáš at 2015-10-29 17:26:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 89 GB (55%) free of 160 GB
Total RAM: 4094 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:20, on 29.10.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tomáš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.slavoj.cz
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8088 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\GWX\GWX.exe"
"D:\Dokumenty\ONDRA_dokumenty\Karel Gott\KeePass-2.26\KeePass.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --incognito
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3672.0.1187716722\1052263814" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,12,20,45,55 --disable-accelerated-video-decode --gpu-vendor-id=0x10de --gpu-device-id=0x0140 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.908 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group13 pct:1d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process 
--enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3672.2.791964616\167940143" --font-cache-shared-handle=2128 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group13 pct:1d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3672.20.1467248387\399685425" --font-cache-shared-handle=3728 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3672.23.733939720\1019480595" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
taskeng.exe {9ED97D2D-56BA-4881-BC5A-1D722E467E98}
"C:\Users\Tomáš\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\cdmrwuo1.default
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-02 655480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-02 559624]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-09-21 6134544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-29 15:56:32 ----D---- C:\AdwCleaner
2015-10-29 00:13:02 ----D---- C:\rsit
2015-10-17 05:55:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-15 16:45:03 ----A---- C:\Windows\system32\invagent.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\generaltel.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\devinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-15 16:45:03 ----A---- C:\Windows\system32\appraiser.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\aeinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\acmigration.dll
2015-10-14 13:06:53 ----A---- C:\Windows\system32\shell32.dll
2015-10-14 13:06:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-14 13:06:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\iernonce.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\ie4uinit.exe
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-10-14 13:06:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\urlmon.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\occache.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\iedkcs32.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:06:37 ----A---- C:\Windows\system32\msfeeds.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\dxtrans.dll
2015-10-14 13:06:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\iesetup.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\ieapfltr.dll
2015-10-14 13:06:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-10-14 13:06:35 ----A---- C:\Windows\system32\iertutil.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-10-14 13:06:34 ----A---- C:\Windows\system32\vbscript.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\jsproxy.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\dxtmsft.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmled.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieui.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieframe.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\wininet.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\webcheck.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\ieUnatt.exe
2015-10-14 13:06:31 ----A---- C:\Windows\system32\msrating.dll
2015-10-14 13:06:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:06:30 ----A---- C:\Windows\system32\mshtml.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wucltux.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wuaueng.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups2.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuauclt.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:05:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-10-14 13:05:27 ----A---- C:\Windows\system32\kernel32.dll
2015-10-14 13:05:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wow64.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\winsrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wdigest.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\srcore.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rstrui.exe
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rpcrt4.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\KernelBase.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\conhost.exe
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64win.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64cpu.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspisrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\smss.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\lsass.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\csrsrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\auditpol.exe
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\user.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-10-14 13:05:24 ----A---- C:\Windows\system32\apisetschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\adtschema.dll
2015-10-14 13:05:06 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidapi.dll
2015-10-14 13:05:05 ----A---- C:\Windows\system32\drivers\appid.sys
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\ucrtbase.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2015-10-29 17:26:06 ----D---- C:\Program Files\trend micro
2015-10-29 16:27:13 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2015-10-29 16:26:00 ----D---- C:\Windows\Temp
2015-10-29 16:05:47 ----D---- C:\Windows\System32
2015-10-29 16:05:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-29 16:00:39 ----D---- C:\Windows\system32\config
2015-10-29 15:59:58 ----RD---- C:\Program Files (x86)
2015-10-29 15:59:58 ----HD---- C:\ProgramData
2015-10-28 23:53:45 ----D---- C:\Windows\Prefetch
2015-10-28 07:30:26 ----SHD---- C:\System Volume Information
2015-10-18 10:22:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 18:45:22 ----D---- C:\Windows\SysWOW64
2015-10-17 18:45:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-16 13:19:37 ----SHD---- C:\Windows\Installer
2015-10-15 20:38:14 ----D---- C:\Windows\winsxs
2015-10-15 20:38:06 ----SD---- C:\Windows\system32\CompatTel
2015-10-15 20:38:05 ----D---- C:\Windows\system32\appraiser
2015-10-15 20:38:04 ----D---- C:\Windows\AppPatch
2015-10-15 19:13:14 ----D---- C:\ProgramData\Skype
2015-10-15 18:53:04 ----D---- C:\Windows\system32\Tasks
2015-10-15 16:40:31 ----D---- C:\Windows\system32\catroot2
2015-10-14 18:13:24 ----D---- C:\Windows\rescache
2015-10-14 15:34:33 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-10-14 15:34:33 ----D---- C:\Program Files\Internet Explorer
2015-10-14 15:34:32 ----D---- C:\Windows\SYSWOW64\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\cs-CZ
2015-10-14 15:34:29 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-14 15:34:24 ----D---- C:\Windows\system32\drivers
2015-10-14 15:34:22 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-14 15:34:22 ----D---- C:\Windows\system32\Boot
2015-10-14 13:34:49 ----D---- C:\ProgramData\Microsoft Help
2015-10-14 13:34:31 ----D---- C:\Windows\system32\MRT
2015-10-14 13:29:36 ----A---- C:\Windows\system32\MRT.exe
2015-10-14 13:26:53 ----A---- C:\Windows\win.ini
2015-10-09 14:28:55 ----SD---- C:\Windows\system32\GWX
2015-10-08 18:52:59 ----SD---- C:\Windows\SYSWOW64\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-09-21 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-09-21 274808]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-09-21 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-09-21 1049880]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-09-21 448968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-09-21 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-09-21 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-09-21 153744]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
S3 MOSUMAC;USB-Ethernet Driver; C:\Windows\system32\DRIVERS\USBMAC64.SYS [2012-04-10 48640]
S3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-09-21 146600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-17 147624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-03 1259448]
-----------------EOF-----------------
Run by Tomáš at 2015-10-29 17:26:01
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 89 GB (55%) free of 160 GB
Total RAM: 4094 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:26:20, on 29.10.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tomáš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.slavoj.cz
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8088 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\system32\GWX\GWX.exe"
"D:\Dokumenty\ONDRA_dokumenty\Karel Gott\KeePass-2.26\KeePass.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --incognito
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3672.0.1187716722\1052263814" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,12,20,45,55 --disable-accelerated-video-decode --gpu-vendor-id=0x10de --gpu-device-id=0x0140 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.908 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group13 pct:1d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process 
--enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3672.2.791964616\167940143" --font-cache-shared-handle=2128 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group13 pct:1d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledMin4/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3672.20.1467248387\399685425" --font-cache-shared-handle=3728 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3672.23.733939720\1019480595" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
taskeng.exe {9ED97D2D-56BA-4881-BC5A-1D722E467E98}
"C:\Users\Tomáš\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\cdmrwuo1.default
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-02 655480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-02 559624]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-09-21 6134544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-29 15:56:32 ----D---- C:\AdwCleaner
2015-10-29 00:13:02 ----D---- C:\rsit
2015-10-17 05:55:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-15 16:45:03 ----A---- C:\Windows\system32\invagent.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\generaltel.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\devinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-15 16:45:03 ----A---- C:\Windows\system32\appraiser.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\aeinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\acmigration.dll
2015-10-14 13:06:53 ----A---- C:\Windows\system32\shell32.dll
2015-10-14 13:06:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-14 13:06:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\iernonce.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\ie4uinit.exe
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-10-14 13:06:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\urlmon.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\occache.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\iedkcs32.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:06:37 ----A---- C:\Windows\system32\msfeeds.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\dxtrans.dll
2015-10-14 13:06:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\iesetup.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\ieapfltr.dll
2015-10-14 13:06:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-10-14 13:06:35 ----A---- C:\Windows\system32\iertutil.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-10-14 13:06:34 ----A---- C:\Windows\system32\vbscript.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\jsproxy.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\dxtmsft.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmled.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieui.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieframe.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\wininet.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\webcheck.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\ieUnatt.exe
2015-10-14 13:06:31 ----A---- C:\Windows\system32\msrating.dll
2015-10-14 13:06:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:06:30 ----A---- C:\Windows\system32\mshtml.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wucltux.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wuaueng.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups2.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuauclt.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:05:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-10-14 13:05:27 ----A---- C:\Windows\system32\kernel32.dll
2015-10-14 13:05:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wow64.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\winsrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wdigest.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\srcore.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rstrui.exe
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rpcrt4.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\KernelBase.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\conhost.exe
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64win.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64cpu.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspisrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\smss.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\lsass.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\csrsrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\auditpol.exe
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\user.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-10-14 13:05:24 ----A---- C:\Windows\system32\apisetschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\adtschema.dll
2015-10-14 13:05:06 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidapi.dll
2015-10-14 13:05:05 ----A---- C:\Windows\system32\drivers\appid.sys
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\ucrtbase.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2015-10-29 17:26:06 ----D---- C:\Program Files\trend micro
2015-10-29 16:27:13 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2015-10-29 16:26:00 ----D---- C:\Windows\Temp
2015-10-29 16:05:47 ----D---- C:\Windows\System32
2015-10-29 16:05:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-29 16:00:39 ----D---- C:\Windows\system32\config
2015-10-29 15:59:58 ----RD---- C:\Program Files (x86)
2015-10-29 15:59:58 ----HD---- C:\ProgramData
2015-10-28 23:53:45 ----D---- C:\Windows\Prefetch
2015-10-28 07:30:26 ----SHD---- C:\System Volume Information
2015-10-18 10:22:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 18:45:22 ----D---- C:\Windows\SysWOW64
2015-10-17 18:45:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-16 13:19:37 ----SHD---- C:\Windows\Installer
2015-10-15 20:38:14 ----D---- C:\Windows\winsxs
2015-10-15 20:38:06 ----SD---- C:\Windows\system32\CompatTel
2015-10-15 20:38:05 ----D---- C:\Windows\system32\appraiser
2015-10-15 20:38:04 ----D---- C:\Windows\AppPatch
2015-10-15 19:13:14 ----D---- C:\ProgramData\Skype
2015-10-15 18:53:04 ----D---- C:\Windows\system32\Tasks
2015-10-15 16:40:31 ----D---- C:\Windows\system32\catroot2
2015-10-14 18:13:24 ----D---- C:\Windows\rescache
2015-10-14 15:34:33 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-10-14 15:34:33 ----D---- C:\Program Files\Internet Explorer
2015-10-14 15:34:32 ----D---- C:\Windows\SYSWOW64\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\cs-CZ
2015-10-14 15:34:29 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-14 15:34:24 ----D---- C:\Windows\system32\drivers
2015-10-14 15:34:22 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-14 15:34:22 ----D---- C:\Windows\system32\Boot
2015-10-14 13:34:49 ----D---- C:\ProgramData\Microsoft Help
2015-10-14 13:34:31 ----D---- C:\Windows\system32\MRT
2015-10-14 13:29:36 ----A---- C:\Windows\system32\MRT.exe
2015-10-14 13:26:53 ----A---- C:\Windows\win.ini
2015-10-09 14:28:55 ----SD---- C:\Windows\system32\GWX
2015-10-08 18:52:59 ----SD---- C:\Windows\SYSWOW64\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-09-21 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-09-21 274808]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-09-21 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-09-21 1049880]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-09-21 448968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-09-21 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-09-21 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-09-21 153744]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
S3 MOSUMAC;USB-Ethernet Driver; C:\Windows\system32\DRIVERS\USBMAC64.SYS [2012-04-10 48640]
S3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-09-21 146600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-17 147624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-03 1259448]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Detected viruses + slowed-down PC
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]/64
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Turn off your antivirus before the scan and restart the PC after it. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Detected viruses + slowed-down PC
OTM log
All processes killed
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Tomáš
->Temp folder emptied: 26743037 bytes
->Temporary Internet Files folder emptied: 3052490 bytes
->FireFox cache emptied: 371507023 bytes
->Google Chrome cache emptied: 419319830 bytes
->Flash cache emptied: 205818 bytes
User: UpdatusUser
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 419083704 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33428 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 60729 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1 183,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Tomáš
->Flash cache emptied: 0 bytes
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 10292015_201855
Files moved on Reboot...
C:\Users\Tomáš\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Detected viruses + slowed-down PC
new RSIT log
Logfile of random's system information tool 1.10 (written by random/random)
Run by Tomáš at 2015-10-29 20:33:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 90 GB (56%) free of 160 GB
Total RAM: 4094 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:52, on 29.10.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tomáš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.slavoj.cz
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8027 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {2D604345-27DE-4927-96F9-522D8B32DDE7}
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\system32\GWX\GWX.exe"
taskeng.exe {F21421C9-0030-49C9-9D72-FB499FAD61BA}
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --incognito
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3776.0.631146773\574553874" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,12,20,45,55 --disable-accelerated-video-decode --gpu-vendor-id=0x10de --gpu-device-id=0x0140 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.908 --ignored=" --type=renderer " /prefetch:822062411
"D:\Dokumenty\ONDRA_dokumenty\Karel Gott\KeePass-2.26\KeePass.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Tomáš\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\cdmrwuo1.default
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-02 655480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-02 559624]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-09-21 6134544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-29 20:18:55 ----D---- C:\_OTM
2015-10-29 15:56:32 ----D---- C:\AdwCleaner
2015-10-29 00:13:02 ----D---- C:\rsit
2015-10-17 05:55:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-15 16:45:03 ----A---- C:\Windows\system32\invagent.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\generaltel.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\devinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-15 16:45:03 ----A---- C:\Windows\system32\appraiser.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\aeinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\acmigration.dll
2015-10-14 13:06:53 ----A---- C:\Windows\system32\shell32.dll
2015-10-14 13:06:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-14 13:06:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\iernonce.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\ie4uinit.exe
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-10-14 13:06:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\urlmon.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\occache.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\iedkcs32.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:06:37 ----A---- C:\Windows\system32\msfeeds.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\dxtrans.dll
2015-10-14 13:06:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\iesetup.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\ieapfltr.dll
2015-10-14 13:06:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-10-14 13:06:35 ----A---- C:\Windows\system32\iertutil.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-10-14 13:06:34 ----A---- C:\Windows\system32\vbscript.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\jsproxy.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\dxtmsft.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmled.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieui.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieframe.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\wininet.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\webcheck.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\ieUnatt.exe
2015-10-14 13:06:31 ----A---- C:\Windows\system32\msrating.dll
2015-10-14 13:06:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:06:30 ----A---- C:\Windows\system32\mshtml.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wucltux.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wuaueng.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups2.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuauclt.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:05:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-10-14 13:05:27 ----A---- C:\Windows\system32\kernel32.dll
2015-10-14 13:05:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wow64.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\winsrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wdigest.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\srcore.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rstrui.exe
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rpcrt4.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\KernelBase.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\conhost.exe
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64win.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64cpu.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspisrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\smss.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\lsass.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\csrsrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\auditpol.exe
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\user.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-10-14 13:05:24 ----A---- C:\Windows\system32\apisetschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\adtschema.dll
2015-10-14 13:05:06 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidapi.dll
2015-10-14 13:05:05 ----A---- C:\Windows\system32\drivers\appid.sys
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\ucrtbase.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2015-10-29 20:33:48 ----D---- C:\Windows\Prefetch
2015-10-29 20:33:38 ----D---- C:\Program Files\trend micro
2015-10-29 20:25:28 ----D---- C:\Windows\System32
2015-10-29 20:25:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-29 20:21:22 ----D---- C:\Windows\Temp
2015-10-29 20:20:18 ----D---- C:\Windows\system32\config
2015-10-29 20:18:56 ----D---- C:\Windows\Tasks
2015-10-29 19:16:31 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2015-10-29 15:59:58 ----RD---- C:\Program Files (x86)
2015-10-29 15:59:58 ----HD---- C:\ProgramData
2015-10-28 07:30:26 ----SHD---- C:\System Volume Information
2015-10-18 10:22:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 18:45:22 ----D---- C:\Windows\SysWOW64
2015-10-17 18:45:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-16 13:19:37 ----SHD---- C:\Windows\Installer
2015-10-15 20:38:14 ----D---- C:\Windows\winsxs
2015-10-15 20:38:06 ----SD---- C:\Windows\system32\CompatTel
2015-10-15 20:38:05 ----D---- C:\Windows\system32\appraiser
2015-10-15 20:38:04 ----D---- C:\Windows\AppPatch
2015-10-15 19:13:14 ----D---- C:\ProgramData\Skype
2015-10-15 18:53:04 ----D---- C:\Windows\system32\Tasks
2015-10-15 16:40:31 ----D---- C:\Windows\system32\catroot2
2015-10-14 18:13:24 ----D---- C:\Windows\rescache
2015-10-14 15:34:33 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-10-14 15:34:33 ----D---- C:\Program Files\Internet Explorer
2015-10-14 15:34:32 ----D---- C:\Windows\SYSWOW64\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\cs-CZ
2015-10-14 15:34:29 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-14 15:34:24 ----D---- C:\Windows\system32\drivers
2015-10-14 15:34:22 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-14 15:34:22 ----D---- C:\Windows\system32\Boot
2015-10-14 13:34:49 ----D---- C:\ProgramData\Microsoft Help
2015-10-14 13:34:31 ----D---- C:\Windows\system32\MRT
2015-10-14 13:29:36 ----A---- C:\Windows\system32\MRT.exe
2015-10-14 13:26:53 ----A---- C:\Windows\win.ini
2015-10-09 14:28:55 ----SD---- C:\Windows\system32\GWX
2015-10-08 18:52:59 ----SD---- C:\Windows\SYSWOW64\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-09-21 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-09-21 274808]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-09-21 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-09-21 1049880]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-09-21 448968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-09-21 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-09-21 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-09-21 153744]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
S3 MOSUMAC;USB-Ethernet Driver; C:\Windows\system32\DRIVERS\USBMAC64.SYS [2012-04-10 48640]
S3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-09-21 146600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-17 147624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-03 1259448]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Tomáš at 2015-10-29 20:33:35
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 90 GB (56%) free of 160 GB
Total RAM: 4094 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:52, on 29.10.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tomáš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.slavoj.cz
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8027 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {2D604345-27DE-4927-96F9-522D8B32DDE7}
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\system32\GWX\GWX.exe"
taskeng.exe {F21421C9-0030-49C9-9D72-FB499FAD61BA}
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --incognito
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3776.0.631146773\574553874" --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,12,20,45,55 --disable-accelerated-video-decode --gpu-vendor-id=0x10de --gpu-device-id=0x0140 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.908 --ignored=" --type=renderer " /prefetch:822062411
"D:\Dokumenty\ONDRA_dokumenty\Karel Gott\KeePass-2.26\KeePass.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group13 pct:1d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" --extension-process 
--enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3776.2.2129605372\1214422904" --font-cache-shared-handle=2300 /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --disable-databases --lang=cs --force-fieldtrials="AffiliationBasedMatching/Enabled/AppBannerTriggering/Aggressive/AsyncSetAsDefault/Enabled/AudioProcessing48kHzSupport/Default/*AutofillClassifier/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Disabled/*ClientSideDetectionModel/Model0/*DomRel-Enable/enable/*EmbeddedSearch/Group13 pct:1d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*EnhancedBookmarks/Default/*ExtensionContentVerification/Enforce/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled2/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/NewVideoRendererTrial/Enabled/*OmniboxBundledExperimentV1/Unused_2/*PasswordGeneration/Disabled/PasswordLinkInSettings/Enabled/*PluginPowerSaver/Enabled/*PrerenderFromOmnibox/OmniboxPrerenderEnabled/*QUIC/EnabledNoId/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingReportPhishingErrorLink/Disabled/SafeBrowsingSocialEngineeringStrings/Disabled/*SdchPersistence/Enabled/SessionRestoreBackgroundLoading/Restore/*SlimmingPaint/EnableSlimmingPaint/SyncBackingDatabase32K/Enabled/*UMA-Dynamic-Binary-Uniformity-Trial/default/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*VarationsServiceControl/Interval_30min/VoiceTrigger/Install/WebRTC-UDPSocketNonBlockingIO/Default/" 
--enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --channel="3776.3.1434363755\440468151" --font-cache-shared-handle=3596 /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Tomáš\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\cdmrwuo1.default
prefs.js - "browser.startup.homepage" - "https://www.google.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.226 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-02 655480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-02 559624]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-04-09 320000]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-06-11 12503184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-09-21 6134544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.l3codecp"=l3codecp.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-29 20:18:55 ----D---- C:\_OTM
2015-10-29 15:56:32 ----D---- C:\AdwCleaner
2015-10-29 00:13:02 ----D---- C:\rsit
2015-10-17 05:55:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-10-15 16:45:03 ----A---- C:\Windows\system32\invagent.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\generaltel.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\devinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-15 16:45:03 ----A---- C:\Windows\system32\appraiser.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\aeinv.dll
2015-10-15 16:45:03 ----A---- C:\Windows\system32\acmigration.dll
2015-10-14 13:06:53 ----A---- C:\Windows\system32\shell32.dll
2015-10-14 13:06:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-14 13:06:51 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-14 13:06:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-10-14 13:06:42 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-10-14 13:06:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-10-14 13:06:41 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\iernonce.dll
2015-10-14 13:06:41 ----A---- C:\Windows\system32\ie4uinit.exe
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-10-14 13:06:40 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-10-14 13:06:40 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-10-14 13:06:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\urlmon.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\occache.dll
2015-10-14 13:06:38 ----A---- C:\Windows\system32\iedkcs32.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-10-14 13:06:37 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 13:06:37 ----A---- C:\Windows\system32\msfeeds.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 13:06:37 ----A---- C:\Windows\system32\dxtrans.dll
2015-10-14 13:06:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\iesetup.dll
2015-10-14 13:06:36 ----A---- C:\Windows\system32\ieapfltr.dll
2015-10-14 13:06:35 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-10-14 13:06:35 ----A---- C:\Windows\system32\iertutil.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-10-14 13:06:34 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-10-14 13:06:34 ----A---- C:\Windows\system32\vbscript.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\jsproxy.dll
2015-10-14 13:06:34 ----A---- C:\Windows\system32\dxtmsft.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\mshtmled.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieui.dll
2015-10-14 13:06:33 ----A---- C:\Windows\system32\ieframe.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\wininet.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\webcheck.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9diag.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript9.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\jscript.dll
2015-10-14 13:06:32 ----A---- C:\Windows\system32\ieUnatt.exe
2015-10-14 13:06:31 ----A---- C:\Windows\system32\msrating.dll
2015-10-14 13:06:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-10-14 13:06:30 ----A---- C:\Windows\system32\mshtml.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wucltux.dll
2015-10-14 13:05:41 ----A---- C:\Windows\system32\wuaueng.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuwebv.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups2.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wups.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wudriver.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuauclt.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapp.exe
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wuapi.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 13:05:40 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-10-14 13:05:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-10-14 13:05:28 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-10-14 13:05:27 ----A---- C:\Windows\system32\kernel32.dll
2015-10-14 13:05:27 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-10-14 13:05:26 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wow64.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\winsrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\wdigest.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\srcore.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\schannel.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rstrui.exe
2015-10-14 13:05:26 ----A---- C:\Windows\system32\rpcrt4.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ntdll.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\ncrypt.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\msv1_0.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\lsasrv.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\KernelBase.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\kerberos.dll
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-10-14 13:05:26 ----A---- C:\Windows\system32\conhost.exe
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 13:05:25 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64win.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\wow64cpu.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\TSpkg.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspisrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\sspicli.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\srclient.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\smss.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\secur32.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\ntvdm64.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\lsass.exe
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-10-14 13:05:25 ----A---- C:\Windows\system32\csrsrv.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\cryptbase.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\credssp.dll
2015-10-14 13:05:25 ----A---- C:\Windows\system32\auditpol.exe
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 13:05:24 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\user.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-10-14 13:05:24 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-10-14 13:05:24 ----A---- C:\Windows\system32\apisetschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msobjs.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\msaudite.dll
2015-10-14 13:05:23 ----A---- C:\Windows\system32\adtschema.dll
2015-10-14 13:05:06 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 13:05:06 ----A---- C:\Windows\system32\appidapi.dll
2015-10-14 13:05:05 ----A---- C:\Windows\system32\drivers\appid.sys
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\ucrtbase.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 13:04:52 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 13:04:51 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2015-10-29 20:33:48 ----D---- C:\Windows\Prefetch
2015-10-29 20:33:38 ----D---- C:\Program Files\trend micro
2015-10-29 20:25:28 ----D---- C:\Windows\System32
2015-10-29 20:25:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-29 20:21:22 ----D---- C:\Windows\Temp
2015-10-29 20:20:18 ----D---- C:\Windows\system32\config
2015-10-29 20:18:56 ----D---- C:\Windows\Tasks
2015-10-29 19:16:31 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2015-10-29 15:59:58 ----RD---- C:\Program Files (x86)
2015-10-29 15:59:58 ----HD---- C:\ProgramData
2015-10-28 07:30:26 ----SHD---- C:\System Volume Information
2015-10-18 10:22:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 18:45:22 ----D---- C:\Windows\SysWOW64
2015-10-17 18:45:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-10-16 13:19:37 ----SHD---- C:\Windows\Installer
2015-10-15 20:38:14 ----D---- C:\Windows\winsxs
2015-10-15 20:38:06 ----SD---- C:\Windows\system32\CompatTel
2015-10-15 20:38:05 ----D---- C:\Windows\system32\appraiser
2015-10-15 20:38:04 ----D---- C:\Windows\AppPatch
2015-10-15 19:13:14 ----D---- C:\ProgramData\Skype
2015-10-15 18:53:04 ----D---- C:\Windows\system32\Tasks
2015-10-15 16:40:31 ----D---- C:\Windows\system32\catroot2
2015-10-14 18:13:24 ----D---- C:\Windows\rescache
2015-10-14 15:34:33 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-10-14 15:34:33 ----D---- C:\Program Files\Internet Explorer
2015-10-14 15:34:32 ----D---- C:\Windows\SYSWOW64\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\en-US
2015-10-14 15:34:31 ----D---- C:\Windows\system32\cs-CZ
2015-10-14 15:34:29 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-14 15:34:24 ----D---- C:\Windows\system32\drivers
2015-10-14 15:34:22 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-14 15:34:22 ----D---- C:\Windows\system32\Boot
2015-10-14 13:34:49 ----D---- C:\ProgramData\Microsoft Help
2015-10-14 13:34:31 ----D---- C:\Windows\system32\MRT
2015-10-14 13:29:36 ----A---- C:\Windows\system32\MRT.exe
2015-10-14 13:26:53 ----A---- C:\Windows\win.ini
2015-10-09 14:28:55 ----SD---- C:\Windows\system32\GWX
2015-10-08 18:52:59 ----SD---- C:\Windows\SYSWOW64\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-09-21 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-09-21 274808]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 75384]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 14192]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 107384]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-09-21 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-09-21 1049880]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-09-21 448968]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-09-21 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-09-21 90968]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-09-21 153744]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-06-19 4065296]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2012-04-15 1071032]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-27 2753536]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 6038016]
S3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-08-23 56320]
S3 MOSUMAC;USB-Ethernet Driver; C:\Windows\system32\DRIVERS\USBMAC64.SYS [2012-04-10 48640]
S3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2007-08-09 13680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-14 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-09-21 146600]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17 269000]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-10-17 147624]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-01-03 1259448]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Detected viruses + slowed-down PC
Deleted. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Detected viruses + slowed-down PC
Yes. The same file (1 GB) now copied to the flash drive in 10 minutes (previously 30 minutes).
So the speed went from 0.5 MB/s to 1.6 MB/s.
But a netbook with slower HW managed it in just under 2 minutes (10 MB/s).
- Rudy
- Site Admin

Re: Detected viruses + slowed-down PC
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.
Re: Detected viruses + slowed-down PC
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 30.10.2015
Čas skenování: 10:48
Protokol: log.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2015.10.30.02
Databáze rootkitů: v2015.10.28.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Tomáš
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 336385
Uplynulý čas: 8 min, 45 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
Trojan.Injector.BHO, C:\settings.ini, , [74a65d0047440d29285e6bf9d92bf40c],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: Detected viruses + slowed-down PC
I have the Avast shields paused for 1 hour. Can I turn them on, or should I leave them off?
- Rudy
- Site Admin

Re: Detected viruses + slowed-down PC
After the scan you can turn them on, and delete the item found by MBAM.
Re: Detected viruses + slowed-down PC
Done.
