
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Ransomware
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Ransomware
Hello,
The PC was infected by the freespeechmail.org virus, the one with the cat eyes, and it renamed all the photos.
http://sensorstechforum.com/forums/malw ... are-virus/
So far I have run mbam in safe mode, with the plan that once everything is cleaned I will do the decryption at the end.
The PC is slow, but it is more or less usable.
Here is the RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by uzivatel at 2015-11-12 11:09:11
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 398 GB (57%) free of 697 GB
Total RAM: 3767 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:23, on 12.11.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18057)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\trend micro\uzivatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - (no file)
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cz.seznam.software.szndesktop] "C:\Windows\system32\config\systemprofile\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cz.seznam.software.szndesktop] "C:\Windows\system32\config\systemprofile\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q (User 'Default user')
O4 - Startup: 4F1E.tmp
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSI488A.tmp
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11345 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\Installer\MSI488A.tmp" -service
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {D51CEFA4-7678-4461-ABB2-636A85773CB5}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
taskeng.exe {DDB1D64D-5B35-4D2A-966E-8FBE4E1E0AC4}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\igfxsrvc.exe -Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e1dad7f2-e0df-48f4-b2ce-05060d600c9d -SystemEventPortName:HostProcess-e108eb3e-a237-4da1-8334-fbcfa2e726eb -IoCancelEventPortName:HostProcess-718c606c-90ef-4389-99f6-cdf85d867333 -NonStateChangingEventPortName:HostProcess-0d181aa6-68f8-4c00-9d21-782c631be9bd -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ebb96841-4fc2-4215-8b1e-6eb702a67f89 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"E:\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3483333757-899328506-4162012953-1003Core.job - C:\Users\uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3483333757-899328506-4162012953-1003UA.job - C:\Users\uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-12 885152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-12 664184]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{eec0f710-38b5-4aba-99bf-ec87564a4e13}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-18 11779176]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-23 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-23 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-23 415256]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeMovieService]
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-05-10 177448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 138096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-09-27 57987712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-03-29 408432]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-03-29 202608]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-12 7004376]
C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4F1E.tmp
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-20 271360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll [2010-01-28 104448]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-11-12 11:03:42 ----D---- C:\rsit
2015-11-12 11:03:42 ----D---- C:\Program Files\trend micro
2015-11-12 10:50:03 ----A---- C:\Windows\ntbtlog.txt
2015-11-12 10:42:25 ----A---- C:\Windows\system32\aswBoot.exe
2015-11-12 10:42:15 ----A---- C:\Windows\avastSS.scr
2015-11-12 10:35:23 ----D---- C:\PHOTOS
2015-11-12 10:34:34 ----D---- C:\Users\uzivatel\AppData\Roaming\GHISLER
2015-11-12 10:34:34 ----D---- C:\Program Files\totalcmd
2015-11-12 10:34:34 ----A---- C:\Windows\UC.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\RAR.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\PKZIP.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\PKUNZIP.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\NOCLOSE.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\LHA.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\ARJ.PIF
2015-11-12 01:28:58 ----D---- C:\Users\uzivatel\AppData\Roaming\Enigma Software Group
2015-11-12 01:28:52 ----D---- C:\sh4ldr
2015-11-12 01:28:32 ----A---- C:\Windows\system32\drivers\EsgScanner.sys
2015-11-12 01:28:28 ----D---- C:\Program Files\Enigma Software Group
2015-11-12 00:56:50 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-11-12 00:56:33 ----D---- C:\ProgramData\Malwarebytes
2015-11-12 00:56:33 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-12 00:56:33 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-11-12 00:56:33 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-11-12 00:56:33 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-10-29 16:01:13 ----HD---- C:\85220f50
2015-10-15 05:25:56 ----A---- C:\Windows\system32\invagent.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\generaltel.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\devinv.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-15 05:25:56 ----A---- C:\Windows\system32\appraiser.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\aeinv.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\acmigration.dll
2015-10-14 07:03:24 ----A---- C:\Windows\system32\ucrtbase.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 06:59:53 ----A---- C:\Windows\system32\shell32.dll
2015-10-14 06:59:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-14 06:59:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-14 06:59:51 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-14 06:59:37 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-10-14 06:59:37 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-10-14 06:59:37 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-10-14 06:59:36 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-10-14 06:59:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-10-14 06:59:36 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-10-14 06:59:36 ----A---- C:\Windows\system32\iernonce.dll
2015-10-14 06:59:36 ----A---- C:\Windows\system32\ie4uinit.exe
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-10-14 06:59:35 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-10-14 06:59:33 ----A---- C:\Windows\system32\urlmon.dll
2015-10-14 06:59:33 ----A---- C:\Windows\system32\occache.dll
2015-10-14 06:59:33 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 06:59:33 ----A---- C:\Windows\system32\iedkcs32.dll
2015-10-14 06:59:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-10-14 06:59:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-10-14 06:59:32 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 06:59:32 ----A---- C:\Windows\system32\msfeeds.dll
2015-10-14 06:59:32 ----A---- C:\Windows\system32\dxtrans.dll
2015-10-14 06:59:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-10-14 06:59:31 ----A---- C:\Windows\system32\iesetup.dll
2015-10-14 06:59:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-10-14 06:59:29 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-10-14 06:59:29 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-10-14 06:59:29 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-10-14 06:59:29 ----A---- C:\Windows\system32\vbscript.dll
2015-10-14 06:59:29 ----A---- C:\Windows\system32\iertutil.dll
2015-10-14 06:59:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-10-14 06:59:28 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-10-14 06:59:28 ----A---- C:\Windows\system32\jsproxy.dll
2015-10-14 06:59:27 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-10-14 06:59:27 ----A---- C:\Windows\system32\ieui.dll
2015-10-14 06:59:27 ----A---- C:\Windows\system32\dxtmsft.dll
2015-10-14 06:59:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-10-14 06:59:26 ----A---- C:\Windows\system32\mshtmled.dll
2015-10-14 06:59:26 ----A---- C:\Windows\system32\ieframe.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\webcheck.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\jscript9diag.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\jscript9.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\jscript.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\ieUnatt.exe
2015-10-14 06:59:24 ----A---- C:\Windows\system32\wininet.dll
2015-10-14 06:59:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-10-14 06:59:23 ----A---- C:\Windows\system32\msrating.dll
2015-10-14 06:59:23 ----A---- C:\Windows\system32\mshtml.dll
2015-10-14 06:58:56 ----A---- C:\Windows\system32\wuaueng.dll
2015-10-14 06:58:55 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-10-14 06:58:55 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-10-14 06:58:55 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wuwebv.dll
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wudriver.dll
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wucltux.dll
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wuauclt.exe
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wuapi.dll
2015-10-14 06:58:54 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-10-14 06:58:54 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-10-14 06:58:54 ----A---- C:\Windows\system32\wups2.dll
2015-10-14 06:58:54 ----A---- C:\Windows\system32\wups.dll
2015-10-14 06:58:54 ----A---- C:\Windows\system32\wuapp.exe
2015-10-14 06:58:54 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 06:58:54 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-10-14 06:58:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-10-14 06:58:21 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-10-14 06:58:20 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-10-14 06:58:19 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-10-14 06:58:19 ----A---- C:\Windows\system32\lsasrv.dll
2015-10-14 06:58:19 ----A---- C:\Windows\system32\kernel32.dll
2015-10-14 06:58:19 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-14 06:58:19 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-10-14 06:58:18 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-10-14 06:58:16 ----A---- C:\Windows\system32\ntdll.dll
2015-10-14 06:58:14 ----A---- C:\Windows\system32\KernelBase.dll
2015-10-14 06:58:13 ----A---- C:\Windows\system32\wow64.dll
2015-10-14 06:58:12 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-10-14 06:58:12 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-10-14 06:58:12 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-10-14 06:58:12 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\winsrv.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\srcore.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\schannel.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\rstrui.exe
2015-10-14 06:58:12 ----A---- C:\Windows\system32\rpcrt4.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\kerberos.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\conhost.exe
2015-10-14 06:58:11 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-10-14 06:58:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-10-14 06:58:11 ----A---- C:\Windows\system32\wdigest.dll
2015-10-14 06:58:11 ----A---- C:\Windows\system32\TSpkg.dll
2015-10-14 06:58:11 ----A---- C:\Windows\system32\ncrypt.dll
2015-10-14 06:58:11 ----A---- C:\Windows\system32\msv1_0.dll
2015-10-14 06:58:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-10-14 06:58:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-10-14 06:58:10 ----A---- C:\Windows\system32\sspicli.dll
2015-10-14 06:58:10 ----A---- C:\Windows\system32\smss.exe
2015-10-14 06:58:10 ----A---- C:\Windows\system32\lsass.exe
2015-10-14 06:58:10 ----A---- C:\Windows\system32\auditpol.exe
2015-10-14 06:58:09 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-10-14 06:58:09 ----A---- C:\Windows\system32\srclient.dll
2015-10-14 06:58:08 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-10-14 06:58:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-10-14 06:58:08 ----A---- C:\Windows\system32\sspisrv.dll
2015-10-14 06:58:08 ----A---- C:\Windows\system32\ntvdm64.dll
2015-10-14 06:58:08 ----A---- C:\Windows\system32\csrsrv.dll
2015-10-14 06:58:08 ----A---- C:\Windows\system32\cryptbase.dll
2015-10-14 06:58:07 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-10-14 06:58:07 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-10-14 06:58:07 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-10-14 06:58:07 ----A---- C:\Windows\system32\wow64win.dll
2015-10-14 06:58:07 ----A---- C:\Windows\system32\wow64cpu.dll
2015-10-14 06:58:07 ----A---- C:\Windows\system32\secur32.dll
2015-10-14 06:58:07 ----A---- C:\Windows\system32\credssp.dll
2015-10-14 06:58:06 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-10-14 06:58:06 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-10-14 06:58:06 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-10-14 06:58:06 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-10-14 06:58:05 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-10-14 06:58:05 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 06:58:04 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-10-14 06:58:03 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-10-14 06:58:03 ----A---- C:\Windows\system32\apisetschema.dll
2015-10-14 06:58:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 06:58:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 06:58:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 06:58:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 06:58:00 ----A---- C:\Windows\SYSWOW64\user.exe
2015-10-14 06:58:00 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-10-14 06:58:00 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-10-14 06:58:00 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-10-14 06:58:00 ----A---- C:\Windows\system32\msobjs.dll
2015-10-14 06:58:00 ----A---- C:\Windows\system32\msaudite.dll
2015-10-14 06:58:00 ----A---- C:\Windows\system32\adtschema.dll
2015-10-14 06:56:20 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-14 06:56:19 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 06:56:18 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-14 06:56:18 ----A---- C:\Windows\system32\appidapi.dll
2015-10-14 06:56:14 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-14 06:56:13 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 06:56:09 ----A---- C:\Windows\system32\drivers\appid.sys
======List of files/folders modified in the last 1 month======
2015-11-12 11:08:06 ----D---- C:\ProgramData\clear.fi
2015-11-12 11:08:03 ----D---- C:\Windows\Temp
2015-11-12 11:07:52 ----D---- C:\Windows\system32\config
2015-11-12 11:07:05 ----A---- C:\Windows\SYSWOW64\log.txt
2015-11-12 11:03:42 ----D---- C:\Program Files
2015-11-12 10:50:03 ----D---- C:\Windows
2015-11-12 10:45:54 ----D---- C:\Users\uzivatel\AppData\Roaming\Skype
2015-11-12 10:43:40 ----D---- C:\Windows\system32\drivers
2015-11-12 10:43:37 ----D---- C:\Program Files (x86)\Google
2015-11-12 10:42:38 ----D---- C:\Windows\system32\Tasks
2015-11-12 10:42:25 ----D---- C:\Windows\System32
2015-11-12 10:33:13 ----D---- C:\ProgramData\Google
2015-11-12 10:33:12 ----SHD---- C:\Windows\Installer
2015-11-12 10:32:43 ----D---- C:\Windows\inf
2015-11-12 10:32:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-11-12 10:32:26 ----D---- C:\Program Files (x86)\Yahoo!
2015-11-12 10:32:25 ----D---- C:\ProgramData\Yahoo! Companion
2015-11-12 10:30:08 ----D---- C:\Windows\Prefetch
2015-11-12 01:26:57 ----D---- C:\Windows\ShellNew
2015-11-12 01:26:00 ----RD---- C:\Program Files (x86)
2015-11-12 00:56:33 ----HD---- C:\ProgramData
2015-11-11 12:24:50 ----D---- C:\Windows\system32\wbem
2015-11-11 12:24:05 ----D---- C:\Windows\registration
2015-11-10 11:44:51 ----D---- C:\Windows\system32\drivers\UMDF
2015-11-10 11:44:51 ----D---- C:\Users\uzivatel\AppData\Roaming\Seznam.cz
2015-11-10 11:44:36 ----D---- C:\ProgramData\Symantec
2015-11-10 11:44:35 ----SD---- C:\ProgramData\Microsoft
2015-11-10 11:44:35 ----D---- C:\ProgramData\CyberLink
2015-11-10 11:44:34 ----D---- C:\ProgramData\Acer
2015-11-10 11:44:01 ----SHD---- C:\$Recycle.Bin
2015-11-10 11:44:01 ----HD---- C:\OEM
2015-11-10 10:13:56 ----D---- C:\Windows\system32\NDF
2015-11-10 10:03:15 ----SHD---- C:\System Volume Information
2015-11-09 12:46:04 ----D---- C:\ProgramData\WildTangent
2015-11-09 12:45:56 ----D---- C:\ProgramData\Wild Tangent
2015-11-09 12:45:56 ----D---- C:\ProgramData\tmp
2015-11-09 12:45:29 ----D---- C:\ProgramData\oem
2015-11-09 12:45:28 ----D---- C:\ProgramData\NortonInstaller
2015-11-09 12:45:25 ----D---- C:\ProgramData\Motive
2015-11-09 12:44:57 ----D---- C:\ProgramData\EgisTec IPS
2015-11-09 12:44:53 ----D---- C:\ProgramData\AVAST Software
2015-11-09 12:41:10 ----A---- C:\log.txt.id-5903603701_helpme@freespeechmail.org
2015-11-09 12:39:39 ----D---- C:\Filmy
2015-11-09 12:39:39 ----AD---- C:\book
2015-11-09 12:39:37 ----D---- C:\Users\uzivatel\AppData\Roaming\.minecraft
2015-11-09 12:39:18 ----HD---- C:\$Windows.~BT
2015-11-08 08:06:41 ----D---- C:\Windows\SoftwareDistribution
2015-11-08 08:06:41 ----D---- C:\Windows\debug
2015-10-30 09:48:48 ----D---- C:\Users\uzivatel\AppData\Roaming\Vso
2015-10-29 16:28:44 ----D---- C:\Windows\system32\catroot2
2015-10-21 18:06:21 ----D---- C:\Windows\SysWOW64
2015-10-21 18:06:21 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-10-15 07:47:17 ----D---- C:\Windows\rescache
2015-10-15 05:28:26 ----D---- C:\Windows\winsxs
2015-10-15 05:28:11 ----SD---- C:\Windows\system32\CompatTel
2015-10-15 05:28:09 ----D---- C:\Windows\system32\appraiser
2015-10-15 05:28:09 ----D---- C:\Windows\AppPatch
2015-10-15 05:05:56 ----D---- C:\Program Files\Internet Explorer
2015-10-15 05:05:54 ----D---- C:\Windows\SYSWOW64\en-US
2015-10-15 05:05:54 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-10-15 05:05:51 ----D---- C:\Windows\system32\en-US
2015-10-15 05:05:51 ----D---- C:\Windows\system32\cs-CZ
2015-10-15 05:05:48 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-15 05:05:26 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-15 05:05:26 ----D---- C:\Windows\system32\Boot
2015-10-14 18:05:49 ----D---- C:\Windows\system32\MRT
2015-10-14 17:59:30 ----A---- C:\Windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-11-12 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-11-12 273784]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-11-12 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-12 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-12 449992]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-20 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-20 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-20 62776]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-11-12 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-11-12 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-11-12 154256]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-02 2750464]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-20 10603904]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-22 2750312]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2015-11-12 22704]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 63704]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-09-22 243712]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-11-12 174416]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-11 193696]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler; C:\Windows\Installer\MSI488A.tmp [2012-01-20 102400]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-11-12 1026944]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-11 247968]
S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-24 655624]
S3 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-04-28 227904]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-04-28 203344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSI488A.tmp
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11345 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\Installer\MSI488A.tmp" -service
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {D51CEFA4-7678-4461-ABB2-636A85773CB5}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
taskeng.exe {DDB1D64D-5B35-4D2A-966E-8FBE4E1E0AC4}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\igfxsrvc.exe -Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e1dad7f2-e0df-48f4-b2ce-05060d600c9d -SystemEventPortName:HostProcess-e108eb3e-a237-4da1-8334-fbcfa2e726eb -IoCancelEventPortName:HostProcess-718c606c-90ef-4389-99f6-cdf85d867333 -NonStateChangingEventPortName:HostProcess-0d181aa6-68f8-4c00-9d21-782c631be9bd -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ebb96841-4fc2-4215-8b1e-6eb702a67f89 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"E:\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3483333757-899328506-4162012953-1003Core.job - C:\Users\uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3483333757-899328506-4162012953-1003UA.job - C:\Users\uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-12 885152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-12 664184]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{91397D20-1446-11D4-8AF4-0040CA1127B6}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{eec0f710-38b5-4aba-99bf-ec87564a4e13}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-18 11779176]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-07-23 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-07-23 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-07-23 415256]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeMovieService]
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-05-10 177448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 138096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-09-27 57987712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-04-02 340848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-03-29 408432]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-03-29 202608]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-12 7004376]
C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4F1E.tmp
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-20 271360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll [2010-01-28 104448]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-11-12 11:03:42 ----D---- C:\rsit
2015-11-12 11:03:42 ----D---- C:\Program Files\trend micro
2015-11-12 10:50:03 ----A---- C:\Windows\ntbtlog.txt
2015-11-12 10:42:25 ----A---- C:\Windows\system32\aswBoot.exe
2015-11-12 10:42:15 ----A---- C:\Windows\avastSS.scr
2015-11-12 10:35:23 ----D---- C:\PHOTOS
2015-11-12 10:34:34 ----D---- C:\Users\uzivatel\AppData\Roaming\GHISLER
2015-11-12 10:34:34 ----D---- C:\Program Files\totalcmd
2015-11-12 10:34:34 ----A---- C:\Windows\UC.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\RAR.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\PKZIP.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\PKUNZIP.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\NOCLOSE.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\LHA.PIF
2015-11-12 10:34:34 ----A---- C:\Windows\ARJ.PIF
2015-11-12 01:28:58 ----D---- C:\Users\uzivatel\AppData\Roaming\Enigma Software Group
2015-11-12 01:28:52 ----D---- C:\sh4ldr
2015-11-12 01:28:32 ----A---- C:\Windows\system32\drivers\EsgScanner.sys
2015-11-12 01:28:28 ----D---- C:\Program Files\Enigma Software Group
2015-11-12 00:56:50 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-11-12 00:56:33 ----D---- C:\ProgramData\Malwarebytes
2015-11-12 00:56:33 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-12 00:56:33 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-11-12 00:56:33 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-11-12 00:56:33 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-10-29 16:01:13 ----HD---- C:\85220f50
2015-10-15 05:25:56 ----A---- C:\Windows\system32\invagent.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\generaltel.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\devinv.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\CompatTelRunner.exe
2015-10-15 05:25:56 ----A---- C:\Windows\system32\appraiser.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\aeinv.dll
2015-10-15 05:25:56 ----A---- C:\Windows\system32\acmigration.dll
2015-10-14 07:03:24 ----A---- C:\Windows\system32\ucrtbase.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 07:03:23 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 06:59:53 ----A---- C:\Windows\system32\shell32.dll
2015-10-14 06:59:52 ----A---- C:\Windows\system32\ExplorerFrame.dll
2015-10-14 06:59:51 ----A---- C:\Windows\SYSWOW64\shell32.dll
2015-10-14 06:59:51 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2015-10-14 06:59:37 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-10-14 06:59:37 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-10-14 06:59:37 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-10-14 06:59:36 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-10-14 06:59:36 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-10-14 06:59:36 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-10-14 06:59:36 ----A---- C:\Windows\system32\iernonce.dll
2015-10-14 06:59:36 ----A---- C:\Windows\system32\ie4uinit.exe
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-10-14 06:59:35 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-10-14 06:59:35 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-10-14 06:59:33 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-10-14 06:59:33 ----A---- C:\Windows\system32\urlmon.dll
2015-10-14 06:59:33 ----A---- C:\Windows\system32\occache.dll
2015-10-14 06:59:33 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 06:59:33 ----A---- C:\Windows\system32\iedkcs32.dll
2015-10-14 06:59:32 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-10-14 06:59:32 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-10-14 06:59:32 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 06:59:32 ----A---- C:\Windows\system32\msfeeds.dll
2015-10-14 06:59:32 ----A---- C:\Windows\system32\dxtrans.dll
2015-10-14 06:59:31 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-10-14 06:59:31 ----A---- C:\Windows\system32\iesetup.dll
2015-10-14 06:59:31 ----A---- C:\Windows\system32\ieapfltr.dll
2015-10-14 06:59:29 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-10-14 06:59:29 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-10-14 06:59:29 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-10-14 06:59:29 ----A---- C:\Windows\system32\vbscript.dll
2015-10-14 06:59:29 ----A---- C:\Windows\system32\iertutil.dll
2015-10-14 06:59:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-10-14 06:59:28 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-10-14 06:59:28 ----A---- C:\Windows\system32\jsproxy.dll
2015-10-14 06:59:27 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-10-14 06:59:27 ----A---- C:\Windows\system32\ieui.dll
2015-10-14 06:59:27 ----A---- C:\Windows\system32\dxtmsft.dll
2015-10-14 06:59:26 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-10-14 06:59:26 ----A---- C:\Windows\system32\mshtmled.dll
2015-10-14 06:59:26 ----A---- C:\Windows\system32\ieframe.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\webcheck.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\jscript9diag.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\jscript9.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\jscript.dll
2015-10-14 06:59:25 ----A---- C:\Windows\system32\ieUnatt.exe
2015-10-14 06:59:24 ----A---- C:\Windows\system32\wininet.dll
2015-10-14 06:59:24 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-10-14 06:59:23 ----A---- C:\Windows\system32\msrating.dll
2015-10-14 06:59:23 ----A---- C:\Windows\system32\mshtml.dll
2015-10-14 06:58:56 ----A---- C:\Windows\system32\wuaueng.dll
2015-10-14 06:58:55 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-10-14 06:58:55 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-10-14 06:58:55 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wuwebv.dll
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wudriver.dll
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wucltux.dll
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wuauclt.exe
2015-10-14 06:58:55 ----A---- C:\Windows\system32\wuapi.dll
2015-10-14 06:58:54 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-10-14 06:58:54 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-10-14 06:58:54 ----A---- C:\Windows\system32\wups2.dll
2015-10-14 06:58:54 ----A---- C:\Windows\system32\wups.dll
2015-10-14 06:58:54 ----A---- C:\Windows\system32\wuapp.exe
2015-10-14 06:58:54 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 06:58:54 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-10-14 06:58:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-10-14 06:58:21 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-10-14 06:58:20 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-10-14 06:58:19 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-10-14 06:58:19 ----A---- C:\Windows\system32\lsasrv.dll
2015-10-14 06:58:19 ----A---- C:\Windows\system32\kernel32.dll
2015-10-14 06:58:19 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-10-14 06:58:19 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-10-14 06:58:18 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-10-14 06:58:16 ----A---- C:\Windows\system32\ntdll.dll
2015-10-14 06:58:14 ----A---- C:\Windows\system32\KernelBase.dll
2015-10-14 06:58:13 ----A---- C:\Windows\system32\wow64.dll
2015-10-14 06:58:12 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-10-14 06:58:12 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-10-14 06:58:12 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-10-14 06:58:12 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\winsrv.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\srcore.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\schannel.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\rstrui.exe
2015-10-14 06:58:12 ----A---- C:\Windows\system32\rpcrt4.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\kerberos.dll
2015-10-14 06:58:12 ----A---- C:\Windows\system32\conhost.exe
2015-10-14 06:58:11 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-10-14 06:58:11 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-10-14 06:58:11 ----A---- C:\Windows\system32\wdigest.dll
2015-10-14 06:58:11 ----A---- C:\Windows\system32\TSpkg.dll
2015-10-14 06:58:11 ----A---- C:\Windows\system32\ncrypt.dll
2015-10-14 06:58:11 ----A---- C:\Windows\system32\msv1_0.dll
2015-10-14 06:58:10 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-10-14 06:58:10 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-10-14 06:58:10 ----A---- C:\Windows\system32\sspicli.dll
2015-10-14 06:58:10 ----A---- C:\Windows\system32\smss.exe
2015-10-14 06:58:10 ----A---- C:\Windows\system32\lsass.exe
2015-10-14 06:58:10 ----A---- C:\Windows\system32\auditpol.exe
2015-10-14 06:58:09 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-10-14 06:58:09 ----A---- C:\Windows\system32\srclient.dll
2015-10-14 06:58:08 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-10-14 06:58:08 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-10-14 06:58:08 ----A---- C:\Windows\system32\sspisrv.dll
2015-10-14 06:58:08 ----A---- C:\Windows\system32\ntvdm64.dll
2015-10-14 06:58:08 ----A---- C:\Windows\system32\csrsrv.dll
2015-10-14 06:58:08 ----A---- C:\Windows\system32\cryptbase.dll
2015-10-14 06:58:07 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-10-14 06:58:07 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-10-14 06:58:07 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-10-14 06:58:07 ----A---- C:\Windows\system32\wow64win.dll
2015-10-14 06:58:07 ----A---- C:\Windows\system32\wow64cpu.dll
2015-10-14 06:58:07 ----A---- C:\Windows\system32\secur32.dll
2015-10-14 06:58:07 ----A---- C:\Windows\system32\credssp.dll
2015-10-14 06:58:06 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-10-14 06:58:06 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-10-14 06:58:06 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-10-14 06:58:06 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-10-14 06:58:05 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-10-14 06:58:05 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 06:58:04 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 06:58:04 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-10-14 06:58:03 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-10-14 06:58:03 ----A---- C:\Windows\system32\apisetschema.dll
2015-10-14 06:58:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 06:58:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 06:58:00 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 06:58:00 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 06:58:00 ----A---- C:\Windows\SYSWOW64\user.exe
2015-10-14 06:58:00 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-10-14 06:58:00 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-10-14 06:58:00 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-10-14 06:58:00 ----A---- C:\Windows\system32\msobjs.dll
2015-10-14 06:58:00 ----A---- C:\Windows\system32\msaudite.dll
2015-10-14 06:58:00 ----A---- C:\Windows\system32\adtschema.dll
2015-10-14 06:56:20 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-10-14 06:56:19 ----A---- C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 06:56:18 ----A---- C:\Windows\system32\appidsvc.dll
2015-10-14 06:56:18 ----A---- C:\Windows\system32\appidapi.dll
2015-10-14 06:56:14 ----A---- C:\Windows\system32\setbcdlocale.dll
2015-10-14 06:56:13 ----A---- C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 06:56:09 ----A---- C:\Windows\system32\drivers\appid.sys
======List of files/folders modified in the last 1 month======
2015-11-12 11:08:06 ----D---- C:\ProgramData\clear.fi
2015-11-12 11:08:03 ----D---- C:\Windows\Temp
2015-11-12 11:07:52 ----D---- C:\Windows\system32\config
2015-11-12 11:07:05 ----A---- C:\Windows\SYSWOW64\log.txt
2015-11-12 11:03:42 ----D---- C:\Program Files
2015-11-12 10:50:03 ----D---- C:\Windows
2015-11-12 10:45:54 ----D---- C:\Users\uzivatel\AppData\Roaming\Skype
2015-11-12 10:43:40 ----D---- C:\Windows\system32\drivers
2015-11-12 10:43:37 ----D---- C:\Program Files (x86)\Google
2015-11-12 10:42:38 ----D---- C:\Windows\system32\Tasks
2015-11-12 10:42:25 ----D---- C:\Windows\System32
2015-11-12 10:33:13 ----D---- C:\ProgramData\Google
2015-11-12 10:33:12 ----SHD---- C:\Windows\Installer
2015-11-12 10:32:43 ----D---- C:\Windows\inf
2015-11-12 10:32:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-11-12 10:32:26 ----D---- C:\Program Files (x86)\Yahoo!
2015-11-12 10:32:25 ----D---- C:\ProgramData\Yahoo! Companion
2015-11-12 10:30:08 ----D---- C:\Windows\Prefetch
2015-11-12 01:26:57 ----D---- C:\Windows\ShellNew
2015-11-12 01:26:00 ----RD---- C:\Program Files (x86)
2015-11-12 00:56:33 ----HD---- C:\ProgramData
2015-11-11 12:24:50 ----D---- C:\Windows\system32\wbem
2015-11-11 12:24:05 ----D---- C:\Windows\registration
2015-11-10 11:44:51 ----D---- C:\Windows\system32\drivers\UMDF
2015-11-10 11:44:51 ----D---- C:\Users\uzivatel\AppData\Roaming\Seznam.cz
2015-11-10 11:44:36 ----D---- C:\ProgramData\Symantec
2015-11-10 11:44:35 ----SD---- C:\ProgramData\Microsoft
2015-11-10 11:44:35 ----D---- C:\ProgramData\CyberLink
2015-11-10 11:44:34 ----D---- C:\ProgramData\Acer
2015-11-10 11:44:01 ----SHD---- C:\$Recycle.Bin
2015-11-10 11:44:01 ----HD---- C:\OEM
2015-11-10 10:13:56 ----D---- C:\Windows\system32\NDF
2015-11-10 10:03:15 ----SHD---- C:\System Volume Information
2015-11-09 12:46:04 ----D---- C:\ProgramData\WildTangent
2015-11-09 12:45:56 ----D---- C:\ProgramData\Wild Tangent
2015-11-09 12:45:56 ----D---- C:\ProgramData\tmp
2015-11-09 12:45:29 ----D---- C:\ProgramData\oem
2015-11-09 12:45:28 ----D---- C:\ProgramData\NortonInstaller
2015-11-09 12:45:25 ----D---- C:\ProgramData\Motive
2015-11-09 12:44:57 ----D---- C:\ProgramData\EgisTec IPS
2015-11-09 12:44:53 ----D---- C:\ProgramData\AVAST Software
2015-11-09 12:41:10 ----A---- C:\log.txt.id-5903603701_helpme@freespeechmail.org
2015-11-09 12:39:39 ----D---- C:\Filmy
2015-11-09 12:39:39 ----AD---- C:\book
2015-11-09 12:39:37 ----D---- C:\Users\uzivatel\AppData\Roaming\.minecraft
2015-11-09 12:39:18 ----HD---- C:\$Windows.~BT
2015-11-08 08:06:41 ----D---- C:\Windows\SoftwareDistribution
2015-11-08 08:06:41 ----D---- C:\Windows\debug
2015-10-30 09:48:48 ----D---- C:\Users\uzivatel\AppData\Roaming\Vso
2015-10-29 16:28:44 ----D---- C:\Windows\system32\catroot2
2015-10-21 18:06:21 ----D---- C:\Windows\SysWOW64
2015-10-21 18:06:21 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-10-15 07:47:17 ----D---- C:\Windows\rescache
2015-10-15 05:28:26 ----D---- C:\Windows\winsxs
2015-10-15 05:28:11 ----SD---- C:\Windows\system32\CompatTel
2015-10-15 05:28:09 ----D---- C:\Windows\system32\appraiser
2015-10-15 05:28:09 ----D---- C:\Windows\AppPatch
2015-10-15 05:05:56 ----D---- C:\Program Files\Internet Explorer
2015-10-15 05:05:54 ----D---- C:\Windows\SYSWOW64\en-US
2015-10-15 05:05:54 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-10-15 05:05:51 ----D---- C:\Windows\system32\en-US
2015-10-15 05:05:51 ----D---- C:\Windows\system32\cs-CZ
2015-10-15 05:05:48 ----D---- C:\Program Files (x86)\Internet Explorer
2015-10-15 05:05:26 ----D---- C:\Windows\system32\CodeIntegrity
2015-10-15 05:05:26 ----D---- C:\Windows\system32\Boot
2015-10-14 18:05:49 ----D---- C:\Windows\system32\MRT
2015-10-14 17:59:30 ----A---- C:\Windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-11-12 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-11-12 273784]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-04-13 540696]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-11-12 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-12 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-12 449992]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2011-07-20 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2011-07-20 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-07-20 62776]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-11-12 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-11-12 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-11-12 154256]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-02 2750464]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-20 10603904]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-22 2750312]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2015-11-12 22704]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 63704]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-09-22 243712]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-11-12 174416]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-11 193696]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler; C:\Windows\Installer\MSI488A.tmp [2012-01-20 102400]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-18 268824]
R2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-11-12 1026944]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-11 247968]
S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-24 655624]
S3 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-04-28 227904]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-04-28 203344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-09-16 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-11-19 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
Re: Ransomware
Hi,
the little bastard is still hiding here:
C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
4F1E.tmp
Fingers crossed for the decryption - some types can be decrypted, but the success rate is still low.
Alternatively, try neslape.cz.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Ransomware
Thanks!
I deleted the file in safe mode.
And now about the decryption: is there a guide on how to do it?
RakhniDecryptor, or is there something else?
The PC is still not the snappiest; CCleaner didn't help.
Re: Ransomware
Have a look at this: http://www.itnews.sk/spravy/bezpecnost/ ... it-zadarmo
or the utilities from Kaspersky.
- For the speed, try ADWCleaner - there is some junk in there.
Re: Ransomware
It's working now.
Rakhni didn't see the encrypted file at all; it wasn't possible to specify the path.
Rector is scanning now, but it doesn't pick up a former photo with an extension such as "2-15.jpg.id-5903603701_helpme@freespeechmail.org"... so I don't know... I'd like to decrypt, but somehow it isn't working.
http://support.kaspersky.com/viruses/utility
Re: Ransomware
That's exactly why I didn't share your "I'll decrypt it afterwards" kind of optimism.
Personally, I've come into contact with 3 types and not one of them was successfully disinfected.
Turn to neslape.cz - the colleagues there have had more samples pass through their hands... according to DrWeb the success rate is about 15%.
Re: Ransomware
A technical question:
at the end they say to simply use a restore point?
http://howtoremove.guide/remove-helpme- ... org-virus/
Re: Ransomware
Well, you can try.
Quite often the virus deletes the restore points...
Re: Ransomware
http://www.bleepingcomputer.com/news/se ... -for-free/
The trick is that this extension isn't in the list and you have to enter *.* in the field.
It's working now... phew.
- stell
- VIP in memoriam

- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Ransomware
Greetings,
If you have launched into decryption on your own without the necessary knowledge of the problem, then I wish you lots of luck.
My opinion is that even if Rakhni finds the password in a .jpg and you decrypt the files, all the files will be damaged and unreadable.
And if you set Rakhni to delete the encrypted files, you are out of luck.
Reason:
Lack of knowledge of the problem.
Have a nice day
Neslape.cz


