VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Prosím o kontrolu logu - reklamy a vyskakovací okna

https://forum.viry.cz:443/viewtopic.php?t=136591

Stránka 1 z 1

Prosím o kontrolu logu - reklamy a vyskakovací okna

Napsal: 03 bře 2014 13:48
od Mattel
Pěkný den,
prosím o kontrolu logu. Zobrazují se mi v prohlížečích reklamy a vyskakují okna s reklamou... Jako antivir běžně používám Aviru, projel jsem Online Scannerm Esetu, spustil jsem ADWCleaner, vše něco odstranilo, ale nic neřeší výše popsaný problém...
Děkuji za pomoc!

Logfile of random's system information tool 1.08 (written by random/random)
Run by Mattel at 2014-03-03 13:49:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 33 GB (33%) free of 100 GB
Total RAM: 4063 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:49:23, on 3.3.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
C:\Users\Mattel\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera_crashreporter.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\trend micro\Mattel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://expresradio.idnes.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2 openvpn-client.otik.fnplzen.cz
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Copy] "C:\Users\Mattel\AppData\Roaming\Copy\CopyAgent.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Dropbox.lnk = Mattel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{487A3504-D17D-4056-AA7D-551A77A821D3}: NameServer = 91.221.2.254,91.221.2.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{487A3504-D17D-4056-AA7D-551A77A821D3}: NameServer = 91.221.2.254,91.221.2.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{487A3504-D17D-4056-AA7D-551A77A821D3}: NameServer = 91.221.2.254,91.221.2.253
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Sync Agent Service (syncagentsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinRST - Unknown owner - C:\Program Files (x86)\WinRST\WinRST.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11936 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 4082016
\??\C:\Windows\system32\conhost.exe "595445974-73286611-1095538636-173113832364450283415988083721418259271755444189
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe"
"C:\Program Files\Sony\VAIO Power Management\SPMService.exe"
"C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe"
"C:\Program Files (x86)\WinRST\WinRST.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
WLIDSvcM.exe 2684
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000778
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" /Start
"C:\Program Files\Apoint\Apoint.exe"
"C:\Users\Mattel\AppData\Roaming\Copy\CopyAgent.exe"
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe"
"C:\Users\Mattel\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files\Apoint\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\Apoint\Apvfb.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "-1333545346-1186133116-1449601647463780493657223171056617415-969273212137581354
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-c322c633-5c7f-4b76-9d29-b96cf90a2b2d -SystemEventPortName:HostProcess-46bdf082-2755-4b72-80c0-1d68b4e53db4 -IoCancelEventPortName:HostProcess-d3173541-18fa-4853-b98c-152c31398f22 -NonStateChangingEventPortName:HostProcess-756892ef-e931-4d59-832d-751d54f68f37 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a16a7c5c-7515-4be2-b2eb-b21108f13593 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --ran-launcher /crash-reporter-parent-id=5092
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --type=gpu-process --channel="5092.0.386742222\906254902" --crash-reporter-pid=5100 --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,27 --gpu-vendor-id=0x1002 --gpu-device-id=0x9553 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.970.100.7000 --crash-reporter-pid=5100 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --enable-threaded-compositing --enable-deadline-scheduling --disable-client-side-phishing-detection --disable-delegated-renderer --crash-reporter-pid=5100 --channel="5092.3.1876620626\505254418" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --enable-threaded-compositing --enable-deadline-scheduling --disable-client-side-phishing-detection --disable-delegated-renderer --crash-reporter-pid=5100 --channel="5092.4.1115644726\2002634471" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --enable-threaded-compositing --enable-deadline-scheduling --disable-client-side-phishing-detection --disable-delegated-renderer --crash-reporter-pid=5100 --channel="5092.5.568698871\116596360" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --enable-threaded-compositing --enable-deadline-scheduling --disable-client-side-phishing-detection --disable-delegated-renderer --crash-reporter-pid=5100 --channel="5092.6.1500568894\1802321678" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --enable-threaded-compositing --enable-deadline-scheduling --disable-client-side-phishing-detection --disable-delegated-renderer --crash-reporter-pid=5100 --channel="5092.7.130932514\1684567230" /prefetch:673131151
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --type=renderer --disable-direct-npapi-requests --lang=cs --enable-threaded-compositing --enable-deadline-scheduling --disable-client-side-phishing-detection --disable-delegated-renderer --crash-reporter-pid=5100 --channel="5092.8.1528824711\146998087" /prefetch:673131151
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"
"C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe" --type=plugin --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll" --lang=cs --channel="5092.16.641582657\1846947418" --crash-reporter-pid=5100 /prefetch:-390060480
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe" lng=1029
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1029 /as
\??\C:\Windows\system32\conhost.exe "477430262-805421-1813988790-7842829261192832108243683251-1615662370842009349
"C:\Users\Mattel\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2013-09-13 878296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-10 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení k účtu Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-01-28 583520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2013-09-13 705240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2013-11-02 1727176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-10 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2009-09-25 208384]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-09-24 7938080]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-09-24 1833504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Copy"=C:\Users\Mattel\AppData\Roaming\Copy\CopyAgent.exe [2014-02-08 15501968]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2013-12-13 831488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor]
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [2013-01-10 1105328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher]
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2010-10-15 226784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMProbíhá stahování aktualizace...1338924290338]
C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Draw\DIM.EXE [2012-02-23 237944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2013-02-15 516928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Mattel\AppData\Roaming\Spotify\Spotify.exe [2014-02-02 6118400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Mattel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2014-02-02 1171968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2013-04-18 6391960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Users\Mattel\AppData\Roaming\uTorrent\uTorrent.exe [2014-02-06 905296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate]
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2013-12-13 831488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16]
C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2013-12-13 831488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mersite Presence 3 Virtuální terminál.lnk]
C:\PROGRA~2\MERSIT~1\VIRTUA~1\PRESEN~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mattel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE [2014-01-28 1104736]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2013-12-09 684600]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2014-01-29 172600]

C:\Users\Mattel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Mattel\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-03-03 13:49:17 ----D---- C:\rsit
2014-03-03 13:49:17 ----D---- C:\Program Files\trend micro
2014-03-03 13:40:09 ----D---- C:\AdwCleaner
2014-03-03 13:15:04 ----A---- C:\Windows\ntbtlog.txt
2014-03-03 09:10:14 ----D---- C:\Program Files (x86)\ESET
2014-03-02 20:14:43 ----D---- C:\Program Files (x86)\EASEUS
2014-03-02 20:11:12 ----D---- C:\ProgramData\TEMP
2014-03-02 20:10:24 ----D---- C:\Program Files (x86)\WinRST
2014-02-26 14:57:30 ----D---- C:\Program Files (x86)\Activision
2014-02-26 14:54:30 ----SHD---- C:\Windows\ftpcache
2014-02-26 14:15:58 ----D---- C:\Users\Mattel\AppData\Roaming\Poedit
2014-02-26 10:46:20 ----D---- C:\Program Files (x86)\OpenVPN Technologies
2014-02-26 08:34:37 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-02-26 08:34:37 ----A---- C:\Windows\system32\mstscax.dll
2014-02-25 09:48:00 ----D---- C:\Users\Mattel\AppData\Roaming\Syncfusion
2014-02-25 09:47:00 ----D---- C:\Program Files (x86)\Syncfusion
2014-02-17 09:14:20 ----D---- C:\Program Files\Microsoft.NET
2014-02-17 09:11:14 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-17 09:11:12 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-17 09:11:12 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-17 09:11:12 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-02-17 09:11:11 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-02-17 09:11:11 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-02-17 09:11:11 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-02-17 09:11:11 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-02-17 09:11:11 ----A---- C:\Windows\system32\wksprtPS.dll
2014-02-17 09:11:11 ----A---- C:\Windows\system32\wksprt.exe
2014-02-17 09:11:11 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-02-17 09:11:11 ----A---- C:\Windows\system32\tsgqec.dll
2014-02-17 09:11:11 ----A---- C:\Windows\system32\mstsc.exe
2014-02-17 09:11:11 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-02-17 09:11:10 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2014-02-17 09:11:10 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-02-17 09:09:01 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-02-17 09:09:00 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-02-13 19:13:06 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-02-13 19:13:06 ----A---- C:\Windows\system32\vbscript.dll
2014-02-13 18:32:22 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-02-13 18:32:22 ----A---- C:\Windows\system32\msrating.dll
2014-02-13 18:32:21 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-02-13 18:32:21 ----A---- C:\Windows\system32\ieui.dll
2014-02-13 18:32:20 ----A---- C:\Windows\system32\jsproxy.dll
2014-02-13 18:32:20 ----A---- C:\Windows\system32\iernonce.dll
2014-02-13 18:32:20 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 18:32:20 ----A---- C:\Windows\system32\ie4uinit.exe
2014-02-13 18:32:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-02-13 18:32:19 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-02-13 18:32:19 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-02-13 18:32:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-02-13 18:32:19 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-02-13 18:32:19 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-02-13 18:32:19 ----A---- C:\Windows\system32\msfeeds.dll
2014-02-13 18:32:19 ----A---- C:\Windows\system32\ieUnatt.exe
2014-02-13 18:32:19 ----A---- C:\Windows\system32\iesetup.dll
2014-02-13 18:32:17 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-02-13 18:32:17 ----A---- C:\Windows\system32\mshtml.dll
2014-02-13 18:32:17 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-02-13 18:32:17 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-02-13 18:32:16 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-02-13 18:32:16 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-02-13 18:32:16 ----A---- C:\Windows\system32\jscript9diag.dll
2014-02-13 18:32:16 ----A---- C:\Windows\system32\ieapfltr.dll
2014-02-13 18:32:15 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-02-13 18:32:15 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-02-13 18:32:15 ----A---- C:\Windows\system32\wininet.dll
2014-02-13 18:32:15 ----A---- C:\Windows\system32\urlmon.dll
2014-02-13 18:32:15 ----A---- C:\Windows\system32\iertutil.dll
2014-02-13 18:32:14 ----A---- C:\Windows\system32\ieframe.dll
2014-02-13 18:32:13 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-02-13 18:32:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-02-13 18:32:11 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-02-13 18:32:11 ----A---- C:\Windows\system32\jscript9.dll
2014-02-13 08:14:41 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-02-13 08:14:41 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-02-13 08:14:41 ----A---- C:\Windows\system32\msxml3r.dll
2014-02-13 08:14:41 ----A---- C:\Windows\system32\msxml3.dll
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-02-13 08:14:12 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-02-13 08:14:12 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 08:14:12 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-02-13 08:14:12 ----A---- C:\Windows\system32\secproc_isv.dll
2014-02-13 08:14:12 ----A---- C:\Windows\system32\secproc.dll
2014-02-13 08:14:12 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 08:14:12 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 08:14:12 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-02-13 08:14:12 ----A---- C:\Windows\system32\RMActivate.exe
2014-02-13 08:14:12 ----A---- C:\Windows\system32\msdrm.dll
2014-02-13 08:14:08 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-02-13 08:14:08 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-02-13 08:14:08 ----A---- C:\Windows\system32\d3d10warp.dll
2014-02-13 08:14:08 ----A---- C:\Windows\system32\d2d1.dll
2014-02-11 16:47:42 ----D---- C:\Windows\en
2014-02-11 16:47:30 ----D---- C:\Windows\cs
2014-02-11 16:46:54 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-11 16:45:54 ----D---- C:\Program Files (x86)\Windows Live
2014-02-11 16:44:59 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2014-02-11 16:44:59 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2014-02-11 16:44:59 ----A---- C:\Windows\system32\XAudio2_7.dll
2014-02-11 16:44:59 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2014-02-11 16:44:58 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2014-02-11 16:44:58 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2014-02-11 16:44:57 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2014-02-11 16:44:57 ----A---- C:\Windows\system32\d3dx11_43.dll
2014-02-11 16:43:47 ----A---- C:\Windows\SYSWOW64\d3dx10_42.dll
2014-02-11 16:43:47 ----A---- C:\Windows\system32\d3dx10_42.dll
2014-02-11 16:43:08 ----A---- C:\Windows\SYSWOW64\d3dx9_32.dll
2014-02-11 16:43:08 ----A---- C:\Windows\system32\d3dx9_32.dll
2014-02-11 16:24:48 ----D---- C:\Users\Mattel\AppData\Roaming\FastStone
2014-02-11 16:23:21 ----D---- C:\Program Files (x86)\FastStone Capture
2014-02-11 13:54:12 ----D---- C:\Users\Mattel\AppData\Roaming\Mozilla
2014-02-10 14:55:44 ----D---- C:\ProgramData\regid.1986-12.com.adobe

======List of files/folders modified in the last 1 months======

2014-03-03 13:49:23 ----D---- C:\Windows\Temp
2014-03-03 13:49:17 ----RD---- C:\Program Files
2014-03-03 13:47:34 ----D---- C:\Users\Mattel\AppData\Roaming\Dropbox
2014-03-03 13:45:57 ----D---- C:\Users\Mattel\AppData\Roaming\Copy
2014-03-03 13:41:42 ----D---- C:\Windows\system32\config
2014-03-03 13:41:19 ----D---- C:\Windows\System32
2014-03-03 13:41:18 ----D---- C:\Windows\SysWOW64
2014-03-03 13:39:57 ----D---- C:\Users\Mattel\AppData\Roaming\Skype
2014-03-03 13:21:38 ----RD---- C:\Program Files (x86)
2014-03-03 13:15:04 ----D---- C:\Windows
2014-03-03 09:04:41 ----D---- C:\Windows\system32\Tasks
2014-03-03 09:04:37 ----D---- C:\Windows\Tasks
2014-03-03 09:03:46 ----SHD---- C:\System Volume Information
2014-03-02 20:14:43 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 20:11:12 ----HD---- C:\ProgramData
2014-03-02 20:09:31 ----D---- C:\Windows\inf
2014-03-02 20:09:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-02 20:03:08 ----D---- C:\Windows\system32\drivers
2014-03-02 15:57:14 ----D---- C:\Windows\rescache
2014-03-02 15:56:19 ----D---- C:\Windows\system32\catroot2
2014-02-28 14:35:38 ----D---- C:\Users\Mattel\AppData\Roaming\TeamViewer
2014-02-28 10:44:43 ----RSD---- C:\Windows\Fonts
2014-02-28 10:44:31 ----D---- C:\Program Files (x86)\TeamViewer
2014-02-28 09:31:47 ----D---- C:\Program Files (x86)\Opera Next
2014-02-27 19:05:29 ----D---- C:\Users\Mattel\AppData\Roaming\uTorrent
2014-02-26 14:31:14 ----SHD---- C:\Windows\Installer
2014-02-26 11:44:15 ----D---- C:\Windows\winsxs
2014-02-26 11:44:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-02-26 11:44:10 ----D---- C:\Windows\system32\cs-CZ
2014-02-26 10:46:30 ----D---- C:\Windows\system32\catroot
2014-02-26 10:46:29 ----D---- C:\Windows\system32\DriverStore
2014-02-26 08:39:51 ----D---- C:\Windows\Prefetch
2014-02-25 21:52:57 ----D---- C:\Program Files (x86)\Common Files
2014-02-23 17:18:34 ----D---- C:\Program Files (x86)\Opera Developer
2014-02-21 18:15:23 ----D---- C:\Program Files (x86)\SharePod
2014-02-20 14:50:00 ----SD---- C:\Users\Mattel\AppData\Roaming\Microsoft
2014-02-17 11:35:21 ----D---- C:\Windows\SYSWOW64\wbem
2014-02-17 11:35:21 ----D---- C:\Windows\system32\wbem
2014-02-17 11:35:21 ----D---- C:\Windows\system32\drivers\en-US
2014-02-17 09:14:54 ----RSD---- C:\Windows\assembly
2014-02-17 09:14:20 ----D---- C:\Program Files (x86)\Microsoft.NET
2014-02-17 09:11:02 ----D---- C:\ProgramData\Microsoft Help
2014-02-15 10:28:16 ----D---- C:\Users\Mattel\AppData\Roaming\Spotify
2014-02-15 03:05:57 ----D---- C:\Windows\Microsoft.NET
2014-02-15 03:03:22 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-02-13 19:30:04 ----D---- C:\Program Files\Internet Explorer
2014-02-13 19:30:04 ----D---- C:\Program Files (x86)\Internet Explorer
2014-02-13 19:22:51 ----A---- C:\Windows\win.ini
2014-02-11 16:46:18 ----SD---- C:\ProgramData\Microsoft
2014-02-11 16:45:37 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-02-11 16:44:14 ----D---- C:\ProgramData\Corel
2014-02-10 14:06:20 ----D---- C:\Windows\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2013-09-10 108832]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-09-10 233760]
R0 tib;Acronis TIB Manager; C:\Windows\system32\DRIVERS\tib.sys [2013-09-10 1120032]
R0 tib_mounter;Acronis TIB Mounter; C:\Windows\system32\DRIVERS\tib_mounter.sys [2013-09-10 183224]
R0 vididr;Acronis Virtual Disk; C:\Windows\system32\DRIVERS\vididr.sys [2013-09-10 161568]
R0 vidsflt;Acronis Disk Storage Filter; C:\Windows\system32\DRIVERS\vidsflt.sys [2013-09-10 117024]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2013-12-09 131576]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2013-12-09 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-09-10 283064]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2013-09-10 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2013-12-18 252688]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2013-12-18 126736]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2013-12-09 108440]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [2009-09-24 86528]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2013-09-10 367200]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 359936]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-09-25 250928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-09-24 1822112]
R3 NETw5s64;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2009-09-25 201472]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2013-12-18 140560]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2013-12-18 154896]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 11922944]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 tapoas;TAP-Win32 Adapter OAS; C:\Windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
S3 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2013-09-10 1462560]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2013-12-18 113936]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2013-02-15 1143720]
R2 afcdpsrv;Acronis Nonstop Backup Service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-09-10 3779576]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 238080]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-12-09 440376]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-12-09 440376]
R2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2014-01-29 109112]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 1420560]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 831760]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-24 189984]
R2 syncagentsrv;Acronis Sync Agent Service; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-03-26 7091584]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-02-17 4915040]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [2009-07-01 204648]
R2 VAIO Power Management;VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
R2 WinRST;WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [2014-02-21 59904]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-02-06 111616]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 VsEtwService120;Visual Studio ETW Event Collection Service; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-04 87728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-09-10 1255736]
S4 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-12-09 1011768]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Re: Prosím o kontrolu logu - reklamy a vyskakovací okna

Napsal: 03 bře 2014 13:57
od vyosek
Zdravim :)

:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Prosím o kontrolu logu - reklamy a vyskakovací okna

Napsal: 03 bře 2014 14:27
od Mattel
Díky za reakci! Výsledný log:


Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Mattel on po 03.03.2014 at 14:15:31,53.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Mattel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3.3.2014 14:18:16 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\ProgramData\rebootpending.txt deleted
C:\ProgramData\Package Cache deleted
"C:\Users\Mattel\AppData\Roaming\Poedit" deleted

==== Chrome Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://expresradio.idnes.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://expresradio.idnes.cz/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mattel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mattel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=43 folders=66 130244959 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Mattel\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mattel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on po 03.03.2014 at 14:30:50,41 ======================

Re: Prosím o kontrolu logu - reklamy a vyskakovací okna

Napsal: 03 bře 2014 14:30
od vyosek
Dejte log dle tohoto http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: Prosím o kontrolu logu - reklamy a vyskakovací okna

Napsal: 03 bře 2014 14:38
od Mattel
Snad jsem pochopil návod správně :)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-03-2014
Ran by Mattel (administrator) on MATTEL-VAIO on 03-03-2014 14:41:01
Running from C:\Users\Mattel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
() C:\Program Files (x86)\WinRST\WinRST.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Barracuda Networks, Inc.) C:\Users\Mattel\AppData\Roaming\Copy\CopyAgent.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Dropbox, Inc.) C:\Users\Mattel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
() C:\Program Files (x86)\Opera Next\20.0.1387.59\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
(Opera Software) C:\Program Files (x86)\Opera Next\20.0.1387.59\opera.exe
(forum.viry.cz) C:\Users\Mattel\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-09-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-09-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-09-24] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-27] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1494506514-219362276-2470973743-1001\...\Run: [Copy] - C:\Users\Mattel\AppData\Roaming\Copy\CopyAgent.exe [15501968 2014-02-08] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1494506514-219362276-2470973743-1001\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-1494506514-219362276-2470973743-1001\...\MountPoints2: {6606f454-19e4-11e3-b41c-0024be783304} - F:\Setup\rsrc\autorun.exe
Startup: C:\Users\Mattel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mattel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=http://127.0.0.1:9880
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{487A3504-D17D-4056-AA7D-551A77A821D3}: [NameServer]91.221.2.254,91.221.2.253

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF Extension: Pirrit Suggestor - C:\Users\Mattel\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-03-02]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-03]
CHR Extension: (Google Drive) - C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-03]
CHR Extension: (YouTube) - C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-03]
CHR Extension: (Google Search) - C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-03]
CHR Extension: (Google Wallet) - C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\Mattel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-03]

==================== Services (Whitelisted) =================

R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-09-24] (Realtek Semiconductor)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [59904 2014-02-21] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-10] (Disc Soft Ltd)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-09-10] (Acronis)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-09-10] (Acronis International GmbH)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-03 14:41 - 2014-03-03 14:41 - 00012012 _____ () C:\Users\Mattel\Desktop\FRST.txt
2014-03-03 14:40 - 2014-03-03 14:41 - 00000000 ____D () C:\FRST
2014-03-03 14:40 - 2014-03-03 14:40 - 00112640 _____ (forum.viry.cz) C:\Users\Mattel\Desktop\FRSTLauncher.exe
2014-03-03 14:39 - 2014-03-03 14:39 - 02156544 _____ (Farbar) C:\Users\Mattel\Desktop\FRST64.exe
2014-03-03 14:35 - 2014-03-03 14:35 - 01581384 _____ (ESET) C:\Users\Mattel\Desktop\eset_smart_security_live_installer_.exe
2014-03-03 14:28 - 2014-03-03 14:15 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-03 14:17 - 2014-03-03 14:30 - 00005714 _____ () C:\zoek-results.log
2014-03-03 14:17 - 2014-03-03 14:17 - 00832273 _____ () C:\Users\Mattel\Desktop\RSITx64 (1).exe
2014-03-03 14:10 - 2014-03-03 14:26 - 00000000 ____D () C:\zoek_backup
2014-03-03 14:08 - 2014-03-03 14:08 - 01284608 _____ () C:\Users\Mattel\Desktop\zoek.exe
2014-03-03 13:49 - 2014-03-03 13:49 - 00832273 _____ () C:\Users\Mattel\Desktop\RSITx64.exe
2014-03-03 13:49 - 2014-03-03 13:49 - 00000000 ____D () C:\rsit
2014-03-03 13:49 - 2014-03-03 13:49 - 00000000 ____D () C:\Program Files\trend micro
2014-03-03 13:40 - 2014-03-03 13:46 - 00000000 ____D () C:\AdwCleaner
2014-03-03 13:38 - 2014-03-03 13:38 - 01244192 _____ () C:\Users\Mattel\Desktop\adwcleaner (1).exe
2014-03-03 09:10 - 2014-03-03 09:10 - 02347384 _____ (ESET) C:\Users\Mattel\Desktop\esetsmartinstaller_csy.exe
2014-03-03 09:10 - 2014-03-03 09:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-02 20:14 - 2014-03-02 20:14 - 00000000 ____D () C:\Program Files (x86)\EASEUS
2014-03-02 20:10 - 2014-03-02 20:10 - 00000000 ____D () C:\Users\Mattel\AppData\Local\WinRST
2014-03-02 20:10 - 2014-03-02 20:10 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-02-26 14:57 - 2014-02-26 14:57 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-02-26 14:54 - 2014-02-26 14:54 - 00000000 __SHD () C:\Windows\ftpcache
2014-02-26 14:49 - 2014-02-26 15:02 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-26 10:46 - 2014-02-26 10:46 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-02-26 08:34 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 08:34 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-25 15:55 - 2014-02-25 15:55 - 00000000 ____D () C:\Users\Mattel\AppData\OICE_15_974FA576_32C1D314_E43
2014-02-25 09:48 - 2014-02-25 09:48 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Syncfusion
2014-02-25 09:47 - 2014-02-25 09:47 - 00000000 ____D () C:\Users\Mattel\AppData\Local\Syncfusion
2014-02-25 09:47 - 2014-02-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Syncfusion
2014-02-17 09:35 - 2014-02-17 09:35 - 00052730 _____ () C:\Windows\FontData.fdb
2014-02-17 09:11 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-17 09:11 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-17 09:11 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-17 09:11 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-17 09:11 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-17 09:11 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-17 09:11 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-17 09:11 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-17 09:11 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-17 09:11 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-17 09:11 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-17 09:11 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-17 09:11 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-17 09:11 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-17 09:11 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-17 09:11 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-17 09:09 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-17 09:09 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-13 19:13 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 19:13 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 18:32 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 18:32 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 18:32 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 18:32 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 18:32 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 18:32 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 18:32 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 18:32 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 18:32 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 18:32 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 18:32 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 18:32 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 18:32 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 18:32 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 18:32 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 18:32 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 18:32 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 18:32 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 18:32 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 18:32 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 18:32 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 18:32 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 18:32 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 18:32 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 18:32 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 18:32 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 18:32 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 18:32 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 18:32 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 18:32 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 18:32 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 18:32 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 18:32 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 18:32 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 18:32 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 18:32 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 18:32 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 18:32 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 18:32 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 08:14 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 08:14 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 08:14 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 08:14 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 08:14 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 08:14 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 08:14 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 08:14 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 08:14 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 08:14 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 08:14 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 08:14 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 08:14 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 08:14 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 08:14 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 08:14 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 08:14 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 08:14 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 08:14 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 08:14 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 08:14 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 08:14 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 08:14 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 08:14 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 08:14 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 08:14 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 08:14 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 08:14 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 09:15 - 2014-02-12 09:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-02-12 09:15 - 2014-02-12 09:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-02-11 16:47 - 2014-02-11 16:47 - 00000000 ____D () C:\Windows\en
2014-02-11 16:47 - 2014-02-11 16:47 - 00000000 ____D () C:\Windows\cs
2014-02-11 16:46 - 2014-02-11 16:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-11 16:45 - 2014-02-11 16:46 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-11 16:44 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-02-11 16:44 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-02-11 16:44 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-02-11 16:44 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-02-11 16:44 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-11 16:44 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-02-11 16:44 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-11 16:44 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-02-11 16:43 - 2014-02-11 16:43 - 00000197 _____ () C:\Windows\DirectX.log
2014-02-11 16:43 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-02-11 16:43 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-02-11 16:43 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-11 16:43 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-02-11 16:41 - 2014-02-11 16:52 - 00000000 ____D () C:\Users\Mattel\AppData\Local\Windows Live
2014-02-11 16:24 - 2014-02-11 16:24 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\FastStone
2014-02-11 16:24 - 2014-02-11 16:24 - 00000000 ____D () C:\Users\Mattel\AppData\Local\FastStone
2014-02-11 16:23 - 2014-02-11 16:23 - 00000000 ____D () C:\Program Files (x86)\FastStone Capture
2014-02-11 13:54 - 2014-03-02 20:10 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Mozilla
2014-02-11 13:53 - 2014-02-11 13:53 - 00000000 ____D () C:\Users\Mattel\AppData\Local\Light
2014-02-10 15:01 - 2014-02-25 18:06 - 00000132 _____ () C:\Users\Mattel\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2014-02-10 14:55 - 2014-02-10 14:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-10 14:06 - 2014-02-10 14:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-10 09:51 - 2014-02-10 09:51 - 00000000 ____D () C:\Users\Mattel\Documents\Corel User Files
2014-02-09 21:36 - 2014-02-09 21:36 - 00000000 ____D () C:\Users\Mattel\Desktop\12
2014-02-07 10:53 - 2014-02-28 11:42 - 00002314 ____H () C:\Users\Mattel\Documents\Default.rdp
2014-02-06 17:39 - 2014-02-20 19:35 - 00000000 ____D () C:\Users\Mattel\AppData\Local\CutePDF Writer
2014-02-03 08:55 - 2014-02-28 15:39 - 00000000 ____D () C:\Users\Mattel\AppData\Local\CrashDumps
2014-02-02 11:25 - 2014-02-14 21:19 - 00000000 ____D () C:\Users\Mattel\AppData\Local\Spotify
2014-02-02 11:25 - 2014-02-02 11:25 - 00001807 _____ () C:\Users\Mattel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-02 11:23 - 2014-02-15 10:28 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Spotify

==================== One Month Modified Files and Folders =======

2014-03-03 14:41 - 2014-03-03 14:41 - 00012012 _____ () C:\Users\Mattel\Desktop\FRST.txt
2014-03-03 14:41 - 2014-03-03 14:40 - 00000000 ____D () C:\FRST
2014-03-03 14:40 - 2014-03-03 14:40 - 00112640 _____ (forum.viry.cz) C:\Users\Mattel\Desktop\FRSTLauncher.exe
2014-03-03 14:39 - 2014-03-03 14:39 - 02156544 _____ (Farbar) C:\Users\Mattel\Desktop\FRST64.exe
2014-03-03 14:38 - 2009-07-14 05:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-03 14:38 - 2009-07-14 05:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-03 14:35 - 2014-03-03 14:35 - 01581384 _____ (ESET) C:\Users\Mattel\Desktop\eset_smart_security_live_installer_.exe
2014-03-03 14:35 - 2013-09-09 22:09 - 01136761 _____ () C:\Windows\WindowsUpdate.log
2014-03-03 14:32 - 2014-01-27 11:55 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Copy
2014-03-03 14:32 - 2013-09-10 08:04 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Dropbox
2014-03-03 14:30 - 2014-03-03 14:17 - 00005714 _____ () C:\zoek-results.log
2014-03-03 14:30 - 2013-09-10 00:27 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-03 14:29 - 2013-09-10 06:09 - 00331142 _____ () C:\Windows\PFRO.log
2014-03-03 14:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-03 14:29 - 2009-07-14 05:51 - 00031139 _____ () C:\Windows\setupact.log
2014-03-03 14:26 - 2014-03-03 14:10 - 00000000 ____D () C:\zoek_backup
2014-03-03 14:17 - 2014-03-03 14:17 - 00832273 _____ () C:\Users\Mattel\Desktop\RSITx64 (1).exe
2014-03-03 14:15 - 2014-03-03 14:28 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-03 14:10 - 2013-09-10 00:27 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-03 14:08 - 2014-03-03 14:08 - 01284608 _____ () C:\Users\Mattel\Desktop\zoek.exe
2014-03-03 13:49 - 2014-03-03 13:49 - 00832273 _____ () C:\Users\Mattel\Desktop\RSITx64.exe
2014-03-03 13:49 - 2014-03-03 13:49 - 00000000 ____D () C:\rsit
2014-03-03 13:49 - 2014-03-03 13:49 - 00000000 ____D () C:\Program Files\trend micro
2014-03-03 13:46 - 2014-03-03 13:40 - 00000000 ____D () C:\AdwCleaner
2014-03-03 13:39 - 2013-09-10 08:33 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Skype
2014-03-03 13:38 - 2014-03-03 13:38 - 01244192 _____ () C:\Users\Mattel\Desktop\adwcleaner (1).exe
2014-03-03 09:10 - 2014-03-03 09:10 - 02347384 _____ (ESET) C:\Users\Mattel\Desktop\esetsmartinstaller_csy.exe
2014-03-03 09:10 - 2014-03-03 09:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-02 20:14 - 2014-03-02 20:14 - 00000000 ____D () C:\Program Files (x86)\EASEUS
2014-03-02 20:14 - 2013-09-09 22:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 20:10 - 2014-03-02 20:10 - 00000000 ____D () C:\Users\Mattel\AppData\Local\WinRST
2014-03-02 20:10 - 2014-03-02 20:10 - 00000000 ____D () C:\Program Files (x86)\WinRST
2014-03-02 20:10 - 2014-02-11 13:54 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Mozilla
2014-03-02 20:09 - 2014-01-27 13:45 - 00000000 ____D () C:\Users\Mattel\.VirtualBox
2014-03-02 20:09 - 2009-07-14 16:18 - 00672372 _____ () C:\Windows\system32\perfh005.dat
2014-03-02 20:09 - 2009-07-14 16:18 - 00143028 _____ () C:\Windows\system32\perfc005.dat
2014-03-02 20:09 - 2009-07-14 06:13 - 01593258 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 15:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-01 11:42 - 2013-09-09 22:14 - 00000000 ____D () C:\Users\Mattel
2014-02-28 18:10 - 2014-01-31 09:27 - 00000000 ____D () C:\Users\Mattel\Documents\Visual Studio 2013
2014-02-28 15:39 - 2014-02-03 08:55 - 00000000 ____D () C:\Users\Mattel\AppData\Local\CrashDumps
2014-02-28 15:36 - 2009-07-14 05:45 - 00562672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-28 14:35 - 2014-01-31 18:29 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\TeamViewer
2014-02-28 11:56 - 2013-09-09 22:35 - 00114592 _____ () C:\Users\Mattel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-28 11:42 - 2014-02-07 10:53 - 00002314 ____H () C:\Users\Mattel\Documents\Default.rdp
2014-02-28 10:44 - 2013-09-09 23:29 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-02-28 09:31 - 2013-09-09 22:45 - 00000000 ____D () C:\Program Files (x86)\Opera Next
2014-02-27 19:05 - 2013-09-09 23:27 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\uTorrent
2014-02-27 11:00 - 2013-09-09 22:27 - 00000000 ____D () C:\Users\Mattel\AppData\Local\GHISLER
2014-02-26 15:02 - 2014-02-26 14:49 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-26 14:57 - 2014-02-26 14:57 - 00000000 ____D () C:\Program Files (x86)\Activision
2014-02-26 14:54 - 2014-02-26 14:54 - 00000000 __SHD () C:\Windows\ftpcache
2014-02-26 10:46 - 2014-02-26 10:46 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-02-25 18:06 - 2014-02-10 15:01 - 00000132 _____ () C:\Users\Mattel\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2014-02-25 15:55 - 2014-02-25 15:55 - 00000000 ____D () C:\Users\Mattel\AppData\OICE_15_974FA576_32C1D314_E43
2014-02-25 09:48 - 2014-02-25 09:48 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Syncfusion
2014-02-25 09:47 - 2014-02-25 09:47 - 00000000 ____D () C:\Users\Mattel\AppData\Local\Syncfusion
2014-02-25 09:47 - 2014-02-25 09:47 - 00000000 ____D () C:\Program Files (x86)\Syncfusion
2014-02-23 17:18 - 2013-09-10 08:30 - 00000000 ____D () C:\Program Files (x86)\Opera Developer
2014-02-21 18:15 - 2014-01-27 08:40 - 00000000 ____D () C:\Program Files (x86)\SharePod
2014-02-20 19:35 - 2014-02-06 17:39 - 00000000 ____D () C:\Users\Mattel\AppData\Local\CutePDF Writer
2014-02-17 09:35 - 2014-02-17 09:35 - 00052730 _____ () C:\Windows\FontData.fdb
2014-02-17 09:11 - 2013-09-10 09:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-15 10:28 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\Spotify
2014-02-15 03:03 - 2013-09-10 09:49 - 01568908 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-14 21:19 - 2014-02-02 11:25 - 00000000 ____D () C:\Users\Mattel\AppData\Local\Spotify
2014-02-14 21:05 - 2013-09-10 00:27 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 21:05 - 2013-09-10 00:27 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 19:22 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 09:15 - 2014-02-12 09:15 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-02-12 09:15 - 2014-02-12 09:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-02-11 16:52 - 2014-02-11 16:41 - 00000000 ____D () C:\Users\Mattel\AppData\Local\Windows Live
2014-02-11 16:47 - 2014-02-11 16:47 - 00000000 ____D () C:\Windows\en
2014-02-11 16:47 - 2014-02-11 16:47 - 00000000 ____D () C:\Windows\cs
2014-02-11 16:46 - 2014-02-11 16:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-02-11 16:46 - 2014-02-11 16:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-11 16:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-11 16:44 - 2013-09-10 12:28 - 00000000 ____D () C:\ProgramData\Corel
2014-02-11 16:43 - 2014-02-11 16:43 - 00000197 _____ () C:\Windows\DirectX.log
2014-02-11 16:24 - 2014-02-11 16:24 - 00000000 ____D () C:\Users\Mattel\AppData\Roaming\FastStone
2014-02-11 16:24 - 2014-02-11 16:24 - 00000000 ____D () C:\Users\Mattel\AppData\Local\FastStone
2014-02-11 16:23 - 2014-02-11 16:23 - 00000000 ____D () C:\Program Files (x86)\FastStone Capture
2014-02-11 13:53 - 2014-02-11 13:53 - 00000000 ____D () C:\Users\Mattel\AppData\Local\Light
2014-02-10 14:55 - 2014-02-10 14:55 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-10 14:06 - 2014-02-10 14:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-10 09:51 - 2014-02-10 09:51 - 00000000 ____D () C:\Users\Mattel\Documents\Corel User Files
2014-02-09 21:36 - 2014-02-09 21:36 - 00000000 ____D () C:\Users\Mattel\Desktop\12
2014-02-07 14:06 - 2013-09-10 12:31 - 00000000 ____D () C:\Users\Mattel\Documents\Corel
2014-02-06 13:16 - 2014-02-13 18:32 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 18:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 18:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 18:32 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 18:32 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 18:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 18:32 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 18:32 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 18:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 18:32 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 18:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 18:32 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 18:32 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 18:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 18:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 18:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 18:32 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 18:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 18:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 18:32 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 18:32 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 18:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 18:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 18:32 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 18:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 18:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 18:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 18:32 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 18:32 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 18:32 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 18:32 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 18:32 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 18:32 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 18:32 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 18:32 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 18:32 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 18:32 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-02 11:25 - 2014-02-02 11:25 - 00001807 _____ () C:\Users\Mattel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-02 15:48




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (SYSTEM) (Fixed) (Total:97.56 GB) (Free:35.88 GB) NTFS
Drive d: (DATA) (Fixed) (Total:368.1 GB) (Free:108.9 GB) NTFS
Drive g: (READYBOOST) (Removable) (Total:7.19 GB) (Free:3.19 GB) FAT32

Available physical RAM: 2291.16 MB
Total physical RAM: 4063.03 MB
Percentage of memory in use: 43%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CF36C47E)
Disk: 2 (Size: 7 GB) (Disk ID: C8946CFA)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Mattel\Desktop" je 1666 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b
C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021114 serial=DR12CNC-8301292-WBN lang=CZ [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMProb�h� stahov�n� aktualizace...1338924290338
"C:\Program Files\Corel\CorelDRAW Graphics Suite X6\Draw\DIM.EXE" "c:\programdata\corel\downloads\540240626_310002\1338924290338\dim_params.xml" -Launch=3 -uibase="c:\users\mattel\appdata\roaming\corel\messages\540240626_310002\cz\messagecache2\workflow" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Slu�ba Acronis Scheduler2
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify
"C:\Users\Mattel\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper
"C:\Users\Mattel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
"C:\Users\Mattel\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate
"C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16
"C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mersite Presence 3 Virtu�ln� termin�l.lnk
C:\PROGRA~2\MERSIT~1\VIRTUA~1\PRESEN~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Mattel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk
C:\PROGRA~2\Evernote\Evernote\EVERNO~2.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Prosím o kontrolu logu - reklamy a vyskakovací okna

Napsal: 06 bře 2014 00:07
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKU\S-1-5-21-1494506514-219362276-2470973743-1001\...\Run: [Zoner Photo Studio Autoupdate] - C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-1494506514-219362276-2470973743-1001\...\MountPoints2: {6606f454-19e4-11e3-b41c-0024be783304} - F:\Setup\rsrc\autorun.exe

ProxyServer: http=http://127.0.0.1:9880
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

FF Extension: Pirrit Suggestor - C:\Users\Mattel\AppData\Roaming\Mozilla\Firefox\profiles\extensions\suggestor@suggestor.pirrit.com.xpi [2014-03-02]

2014-03-03 14:35 - 2014-03-03 14:35 - 01581384 _____ (ESET) C:\Users\Mattel\Desktop\eset_smart_security_live_installer_.exe
2014-03-03 14:28 - 2014-03-03 14:15 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-03-03 14:17 - 2014-03-03 14:30 - 00005714 _____ () C:\zoek-results.log
2014-03-03 14:17 - 2014-03-03 14:17 - 00832273 _____ () C:\Users\Mattel\Desktop\RSITx64 (1).exe
2014-03-03 14:10 - 2014-03-03 14:26 - 00000000 ____D () C:\zoek_backup
2014-03-03 14:08 - 2014-03-03 14:08 - 01284608 _____ () C:\Users\Mattel\Desktop\zoek.exe
2014-03-03 13:49 - 2014-03-03 13:49 - 00832273 _____ () C:\Users\Mattel\Desktop\RSITx64.exe
2014-03-03 13:38 - 2014-03-03 13:38 - 01244192 _____ () C:\Users\Mattel\Desktop\adwcleaner (1).exe
2014-03-03 09:10 - 2014-03-03 09:10 - 02347384 _____ (ESET) C:\Users\Mattel\Desktop\esetsmartinstaller_csy.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMProb�h� stahov�n� aktualizace...1338924290338" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Autoupdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zoner Photo Studio Service 16" /f

Hosts:
CMD: shutdown /r /f /t 2

End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz