Laptop freezes shortly after startup, runs fine in safe mode.

Posted: 05 Sep 2014 17:48
by davek53
Hello,
I would like to ask for advice. My second laptop slows down a few minutes after startup to the point where it is completely unusable. The cursor moves around the screen, but the Windows taskbar does not respond; icons on the desktop do get highlighted, but nothing else happens. If I manage to launch something before it freezes, it takes about 3 minutes to start. In safe mode, however, everything works without any noticeable problems.
I tried CCleaner, ComboFix and ADWcleaner, but nothing changed. Spybot found nothing. I am attaching the logs and asking for help...

ComboFix:

ComboFix 14-08-31.01 - Giel 03.09.2014  20:55:56.3.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.4010.2994 [GMT 2:00]
Spuštěný z: F:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2014-08-03 do 2014-09-03  )))))))))))))))))))))))))))))))
.
.
2014-09-03 19:01 . 2014-09-03 19:01	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-09-03 19:01 . 2014-09-03 19:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-03 18:00 . 2014-09-03 18:22	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-09-03 17:09 . 2014-09-03 17:09	--------	d-----w-	c:\users\Giel\AppData\Local\Avg2013
2014-09-03 14:46 . 2014-09-03 14:46	--------	d-----w-	C:\found.000
2014-08-29 15:56 . 2014-08-29 15:56	50976	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2014-08-29 07:14 . 2014-08-29 07:14	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-08-28 09:05 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-28 09:05 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-28 09:05 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-14 05:37 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-14 05:37 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-14 05:37 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-14 05:37 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-14 05:37 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-14 05:37 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-14 05:36 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 05:36 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-13 21:40 . 2014-06-16 02:10	985536	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 21:38 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-13 21:38 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-08-13 21:38 . 2014-08-07 02:06	529920	----a-w-	c:\windows\system32\aepdu.dll
2014-08-13 21:38 . 2014-08-07 02:01	424448	----a-w-	c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-03 14:50 . 2012-06-20 15:37	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-14 07:17 . 2012-04-18 15:42	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-07-09 14:24 . 2012-05-04 09:40	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 14:24 . 2012-05-04 09:40	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18 . 2014-07-10 07:40	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 07:40	646144	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-10 07:40	624128	----a-w-	c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 07:40	509440	----a-w-	c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21653096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
.
c:\users\Giel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sledovat výstrahy inkoustu - HP Officejet 6700 (Síť).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BE9QGVN05RQ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 06:18	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 14:24]
.
2014-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 17:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-18 391960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-18 168216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-18 418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-09-03  21:03:59
ComboFix-quarantined-files.txt  2014-09-03 19:03
.
Před spuštěním: Volných bajtů: 231 275 634 688
Po spuštění: Volných bajtů: 230 996 205 568
.
- - End Of File - - 769C714E70D75FE9D5E4B24D92CE5FAE

ADWcleaner:

# AdwCleaner v3.308 - Report created 04/09/2014 at 21:42:58
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Giel - GIEL-PC
# Running from : C:\Users\Giel\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Giel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1706 octets] - [04/09/2014 21:40:20]
AdwCleaner[S0].txt - [1631 octets] - [04/09/2014 21:42:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1691 octets] ##########

RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Giel at 2014-09-05 18:24:23
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 220 GB (79%) free of 278 GB
Total RAM: 4010 MB (86% free)

HijackThis download failed

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Explorer.EXE
ctfmon.exe
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"F:\RSITx64.exe" 
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe  
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler 

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-07-12 12558440]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-03-30 10372368]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-07-18 391960]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-07-18 168216]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-07-18 418584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"HP Officejet 6700 (NET)"=C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2011-09-09 2676584]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24 21653096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Report"=C:\AdwCleaner\AdwCleaner[S0].txt [2014-09-04 1787]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1840720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
C:\Program Files\Elantech\ETDCtrl.exe [2011-06-17 2721576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-03-24 49208]
""= []
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]
"Norton Online Backup"=C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2010-06-01 1155928]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [2010-09-20 87336]

C:\Users\Giel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Sledovat výstrahy inkoustu - HP Officejet 6700 (Síť).lnk - C:\windows\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-12-16 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-09-05 18:24:24 ----D---- C:\Program Files\trend micro
2014-09-05 18:24:23 ----D---- C:\rsit
2014-09-04 21:46:51 ----A---- C:\AdwCleaner[S0].txt
2014-09-04 21:40:16 ----D---- C:\AdwCleaner
2014-09-03 21:04:03 ----SHD---- C:\$RECYCLE.BIN
2014-09-03 21:04:00 ----A---- C:\ComboFix.txt
2014-09-03 20:54:01 ----D---- C:\Qoobox
2014-09-03 20:51:16 ----A---- C:\windows\ntbtlog.txt
2014-09-03 20:00:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-09-03 19:12:01 ----A---- C:\windows\zip.exe
2014-09-03 19:12:01 ----A---- C:\windows\SWSC.exe
2014-09-03 19:12:01 ----A---- C:\windows\SWREG.exe
2014-09-03 19:12:01 ----A---- C:\windows\sed.exe
2014-09-03 19:12:01 ----A---- C:\windows\PEV.exe
2014-09-03 19:12:01 ----A---- C:\windows\NIRCMD.exe
2014-09-03 19:12:01 ----A---- C:\windows\MBR.exe
2014-09-03 19:12:01 ----A---- C:\windows\grep.exe
2014-09-03 17:24:42 ----A---- C:\windows\system32\avgrep.txt
2014-09-03 17:06:27 ----D---- C:\windows\erdnt
2014-09-03 16:48:10 ----N---- C:\bootsqm.dat
2014-09-03 16:46:44 ----D---- C:\found.000
2014-08-29 17:56:19 ----A---- C:\windows\system32\drivers\avgtpx64.sys
2014-08-28 11:05:16 ----A---- C:\windows\system32\win32k.sys
2014-08-28 11:05:15 ----A---- C:\windows\SYSWOW64\gdi32.dll
2014-08-28 11:05:15 ----A---- C:\windows\system32\gdi32.dll
2014-08-14 07:37:11 ----A---- C:\windows\SYSWOW64\infocardapi.dll
2014-08-14 07:37:11 ----A---- C:\windows\SYSWOW64\icardagt.exe
2014-08-14 07:37:11 ----A---- C:\windows\system32\infocardapi.dll
2014-08-14 07:37:11 ----A---- C:\windows\system32\icardagt.exe
2014-08-14 07:37:10 ----A---- C:\windows\SYSWOW64\icardres.dll
2014-08-14 07:37:10 ----A---- C:\windows\system32\icardres.dll
2014-08-14 07:36:40 ----A---- C:\windows\SYSWOW64\TsWpfWrp.exe
2014-08-14 07:36:40 ----A---- C:\windows\system32\TsWpfWrp.exe
2014-08-13 23:41:10 ----A---- C:\windows\SYSWOW64\KBDYAK.DLL
2014-08-13 23:41:10 ----A---- C:\windows\SYSWOW64\KBDTAT.DLL
2014-08-13 23:41:10 ----A---- C:\windows\SYSWOW64\KBDRU1.DLL
2014-08-13 23:41:10 ----A---- C:\windows\SYSWOW64\KBDRU.DLL
2014-08-13 23:41:10 ----A---- C:\windows\SYSWOW64\KBDBASH.DLL
2014-08-13 23:41:10 ----A---- C:\windows\system32\KBDYAK.DLL
2014-08-13 23:41:10 ----A---- C:\windows\system32\KBDTAT.DLL
2014-08-13 23:41:10 ----A---- C:\windows\system32\KBDRU1.DLL
2014-08-13 23:41:10 ----A---- C:\windows\system32\KBDRU.DLL
2014-08-13 23:41:10 ----A---- C:\windows\system32\KBDBASH.DLL
2014-08-13 23:41:06 ----A---- C:\windows\SYSWOW64\tzres.dll
2014-08-13 23:41:06 ----A---- C:\windows\system32\tzres.dll
2014-08-13 23:41:04 ----A---- C:\windows\system32\msi.dll
2014-08-13 23:41:03 ----A---- C:\windows\SYSWOW64\msi.dll
2014-08-13 23:41:03 ----A---- C:\windows\SYSWOW64\authui.dll
2014-08-13 23:41:03 ----A---- C:\windows\system32\authui.dll
2014-08-13 23:41:02 ----A---- C:\windows\SYSWOW64\msihnd.dll
2014-08-13 23:41:02 ----A---- C:\windows\system32\msihnd.dll
2014-08-13 23:41:02 ----A---- C:\windows\system32\consent.exe
2014-08-13 23:40:58 ----A---- C:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 23:40:57 ----A---- C:\windows\system32\shell32.dll
2014-08-13 23:40:56 ----A---- C:\windows\SYSWOW64\shell32.dll
2014-08-13 23:40:50 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-08-13 23:40:50 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2014-08-13 23:40:50 ----A---- C:\windows\SYSWOW64\jscript9diag.dll
2014-08-13 23:40:50 ----A---- C:\windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-08-13 23:40:50 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-08-13 23:40:50 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll
2014-08-13 23:40:50 ----A---- C:\windows\SYSWOW64\dxtmsft.dll
2014-08-13 23:40:50 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 23:40:50 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-08-13 23:40:49 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-08-13 23:40:49 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-08-13 23:40:48 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-08-13 23:40:48 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-08-13 23:40:48 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-08-13 23:40:48 ----A---- C:\windows\SYSWOW64\iedkcs32.dll
2014-08-13 23:40:48 ----A---- C:\windows\system32\urlmon.dll
2014-08-13 23:40:48 ----A---- C:\windows\system32\iernonce.dll
2014-08-13 23:40:48 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-08-13 23:40:48 ----A---- C:\windows\system32\ie4uinit.exe
2014-08-13 23:40:47 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-08-13 23:40:47 ----A---- C:\windows\SYSWOW64\dxtrans.dll
2014-08-13 23:40:47 ----A---- C:\windows\system32\msfeeds.dll
2014-08-13 23:40:47 ----A---- C:\windows\system32\ieetwcollector.exe
2014-08-13 23:40:47 ----A---- C:\windows\system32\dxtmsft.dll
2014-08-13 23:40:46 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-08-13 23:40:46 ----A---- C:\windows\system32\iesetup.dll
2014-08-13 23:40:46 ----A---- C:\windows\system32\iedkcs32.dll
2014-08-13 23:40:44 ----A---- C:\windows\SYSWOW64\vbscript.dll
2014-08-13 23:40:44 ----A---- C:\windows\SYSWOW64\mshtmlmedia.dll
2014-08-13 23:40:44 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-08-13 23:40:44 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2014-08-13 23:40:44 ----A---- C:\windows\SYSWOW64\ieapfltr.dll
2014-08-13 23:40:44 ----A---- C:\windows\system32\iertutil.dll
2014-08-13 23:40:43 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-08-13 23:40:43 ----A---- C:\windows\SYSWOW64\MshtmlDac.dll
2014-08-13 23:40:43 ----A---- C:\windows\system32\jsproxy.dll
2014-08-13 23:40:42 ----A---- C:\windows\SYSWOW64\msrating.dll
2014-08-13 23:40:41 ----A---- C:\windows\system32\ieui.dll
2014-08-13 23:40:41 ----A---- C:\windows\system32\ieframe.dll
2014-08-13 23:40:41 ----A---- C:\windows\system32\dxtrans.dll
2014-08-13 23:40:40 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-08-13 23:40:40 ----A---- C:\windows\system32\mshtmled.dll
2014-08-13 23:40:40 ----A---- C:\windows\system32\jscript9diag.dll
2014-08-13 23:40:40 ----A---- C:\windows\system32\jscript9.dll
2014-08-13 23:40:40 ----A---- C:\windows\system32\ieUnatt.exe
2014-08-13 23:40:39 ----A---- C:\windows\system32\wininet.dll
2014-08-13 23:40:39 ----A---- C:\windows\system32\vbscript.dll
2014-08-13 23:40:39 ----A---- C:\windows\system32\ieapfltr.dll
2014-08-13 23:40:38 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 23:40:38 ----A---- C:\windows\system32\msrating.dll
2014-08-13 23:40:38 ----A---- C:\windows\system32\MshtmlDac.dll
2014-08-13 23:40:38 ----A---- C:\windows\system32\mshtml.dll
2014-08-13 23:38:47 ----A---- C:\windows\SYSWOW64\rpcrt4.dll
2014-08-13 23:38:47 ----A---- C:\windows\system32\rpcrt4.dll
2014-08-13 23:38:45 ----A---- C:\windows\system32\aepdu.dll
2014-08-13 23:38:45 ----A---- C:\windows\system32\aeinv.dll

======List of files/folders modified in the last 1 month======

2014-09-05 18:24:24 ----RD---- C:\Program Files
2014-09-05 18:24:24 ----D---- C:\windows\Temp
2014-09-04 21:50:18 ----D---- C:\windows\Prefetch
2014-09-04 21:45:56 ----D---- C:\Users\Giel\AppData\Roaming\Skype
2014-09-03 21:14:24 ----D---- C:\Windows
2014-09-03 21:04:02 ----D---- C:\windows\system32\drivers
2014-09-03 21:02:57 ----D---- C:\windows\Tasks
2014-09-03 21:01:28 ----A---- C:\windows\system.ini
2014-09-03 20:59:41 ----D---- C:\windows\SYSWOW64\drivers
2014-09-03 20:59:41 ----D---- C:\windows\SysWOW64
2014-09-03 20:59:41 ----D---- C:\windows\AppPatch
2014-09-03 20:59:40 ----D---- C:\Program Files (x86)\Common Files
2014-09-03 20:36:13 ----D---- C:\windows\inf
2014-09-03 20:25:54 ----D---- C:\windows\system32\config
2014-09-03 20:23:41 ----D---- C:\Config.Msi
2014-09-03 20:22:31 ----D---- C:\windows\SoftwareDistribution
2014-09-03 20:18:48 ----D---- C:\ProgramData
2014-09-03 20:16:14 ----D---- C:\Program Files (x86)
2014-09-03 20:14:13 ----SHD---- C:\windows\Installer
2014-09-03 20:14:13 ----D---- C:\Program Files (x86)\Windows Live
2014-09-03 20:13:47 ----D---- C:\Program Files (x86)\Samsung
2014-09-03 20:12:43 ----RSD---- C:\windows\assembly
2014-09-03 20:10:32 ----D---- C:\Program Files\Windows Live
2014-09-03 20:05:40 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 20:04:02 ----D---- C:\windows\system32\Tasks
2014-09-03 19:19:29 ----D---- C:\windows\system32\drivers\etc
2014-09-03 19:09:58 ----D---- C:\ProgramData\MFAData
2014-09-03 17:34:20 ----SD---- C:\ProgramData\Microsoft
2014-09-03 17:24:42 ----D---- C:\windows\System32
2014-09-03 17:13:01 ----D---- C:\Program Files\Google
2014-09-03 17:13:01 ----D---- C:\Program Files (x86)\Google
2014-09-03 17:07:57 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-09-03 17:01:35 ----D---- C:\windows\debug
2014-08-31 13:37:44 ----A---- C:\windows\SYSWOW64\log.txt
2014-08-29 09:14:19 ----D---- C:\ProgramData\Skype
2014-08-29 09:11:50 ----D---- C:\windows\winsxs
2014-08-29 07:58:18 ----SHD---- C:\System Volume Information
2014-08-28 11:00:29 ----D---- C:\windows\system32\catroot
2014-08-23 22:04:10 ----D---- C:\Users\Giel\AppData\Roaming\HpUpdate
2014-08-22 11:19:13 ----D---- C:\windows\system32\catroot2
2014-08-15 08:18:41 ----D---- C:\windows\ehome
2014-08-14 14:19:47 ----D---- C:\windows\rescache
2014-08-14 10:21:50 ----D---- C:\windows\Microsoft.NET
2014-08-14 09:52:57 ----RSD---- C:\windows\Fonts
2014-08-14 09:52:55 ----D---- C:\windows\SYSWOW64\cs-CZ
2014-08-14 09:52:55 ----D---- C:\windows\system32\cs-CZ
2014-08-14 09:52:54 ----D---- C:\Program Files\Internet Explorer
2014-08-14 09:52:53 ----D---- C:\windows\SYSWOW64\en-US
2014-08-14 09:52:53 ----D---- C:\windows\system32\en-US
2014-08-14 09:52:53 ----D---- C:\windows\PolicyDefinitions
2014-08-14 09:52:52 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-14 09:36:24 ----D---- C:\ProgramData\Microsoft Help
2014-08-14 09:23:01 ----D---- C:\windows\system32\MRT
2014-08-14 09:17:29 ----A---- C:\windows\system32\MRT.exe
2014-08-14 07:35:53 ----SD---- C:\windows\system32\CompatTel

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 avgtp;avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [2014-08-29 50976]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-17 283200]
R2 SGDrv;SGDrv; C:\windows\system32\DRIVERS\SGdrv64.sys [2011-04-11 7680]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2011-06-17 186152]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2011-07-30 13824]
S1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed; C:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed; C:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btmaux;Intel Bluetooth Auxiliary Service; C:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216]
S3 iBtFltCoex;iBtFltCoex; C:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-22 59904]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-12-16 12256512]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-07-12 2917096]
S3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
S3 rtport;rtport; \??\C:\windows\SysWOW64\drivers\rtport.sys [2011-10-20 15144]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\windows\system32\drivers\serscan.sys [2009-07-14 12288]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 136176]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-05-05 326424]
S2 NOBU;Norton Online Backup; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-06-01 2804568]
S2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2012-10-02 891240]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-08 1258856]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-12-01 244904]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 136176]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-07-25 111616]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------


Re: Laptop freezes shortly after startup, works in safe mode.

Posted: 05 Sep 2014 18:12
by Rudy
Hello!
Why are you running ComboFix, a utility intended for professionals only? Do you intend to wreck your system or one of your applications?

Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files (x86)\Skype\Toolbars

File::
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
c2cautoupdatesvc
c2cpnrsvc

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Laptop freezes shortly after startup, works in safe mode.

Posted: 05 Sep 2014 22:44
by davek53
It seems to be fine. I am attaching the log:

Code: Select all

ComboFix 14-08-31.01 - Giel 05.09.2014  23:03:27.4.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1250.420.1029.18.4010.3272 [GMT 2:00]
Spuštěný z: c:\users\Giel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Giel\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Toolbars
c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
c:\program files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx
c:\program files (x86)\Skype\Toolbars\Internet Explorer x64\icon.ico
c:\program files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll
c:\program files (x86)\Skype\Toolbars\Internet Explorer\icon.ico
c:\program files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
(((((((((((((((((((((((((((((((((((((((   Ovladače/Služby   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2014-08-05 do 2014-09-05  )))))))))))))))))))))))))))))))
.
.
2014-09-05 21:09 . 2014-09-05 21:09	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-09-05 21:09 . 2014-09-05 21:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-05 16:24 . 2014-09-05 16:24	--------	d-----w-	c:\program files\trend micro
2014-09-05 16:24 . 2014-09-05 16:24	--------	d-----w-	C:\rsit
2014-09-04 19:40 . 2014-09-04 19:42	--------	d-----w-	C:\AdwCleaner
2014-09-03 18:00 . 2014-09-03 18:22	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-09-03 17:09 . 2014-09-03 17:09	--------	d-----w-	c:\users\Giel\AppData\Local\Avg2013
2014-09-03 14:46 . 2014-09-03 14:46	--------	d-----w-	C:\found.000
2014-08-29 15:56 . 2014-08-29 15:56	50976	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2014-08-29 07:14 . 2014-08-29 07:14	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-08-28 09:05 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-28 09:05 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-28 09:05 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-14 05:37 . 2014-03-09 21:48	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-14 05:37 . 2014-03-09 21:48	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-14 05:37 . 2014-03-09 21:47	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-14 05:37 . 2014-03-09 21:47	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-14 05:37 . 2014-06-30 22:24	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-14 05:37 . 2014-06-30 22:14	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-14 05:36 . 2014-06-06 06:16	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 05:36 . 2014-06-06 06:12	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-13 21:40 . 2014-06-16 02:10	985536	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 21:38 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-13 21:38 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-08-13 21:38 . 2014-08-07 02:06	529920	----a-w-	c:\windows\system32\aepdu.dll
2014-08-13 21:38 . 2014-08-07 02:01	424448	----a-w-	c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-05 21:13 . 2014-09-05 21:13	0	---ha-w-	c:\users\Giel\AppData\Local\BIT8B9B.tmp
2014-09-03 14:50 . 2012-06-20 15:37	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-14 07:17 . 2012-04-18 15:42	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-07-09 14:24 . 2012-05-04 09:40	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 14:24 . 2012-05-04 09:40	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18 . 2014-07-10 07:40	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 07:40	646144	----a-w-	c:\windows\SysWow64\osk.exe
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"HP Officejet 6700 (NET)"="c:\program files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21653096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"RemoteControl10"="c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" [2010-09-20 87336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protokol Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Virtuální adaptér Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 06:18	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 14:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-18 391960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-18 168216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-18 418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Giel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Officejet 6700 (Síť).lnk - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
.
**************************************************************************
.
Celkový čas: 2014-09-05  23:16:57 - počítač byl restartován
ComboFix-quarantined-files.txt  2014-09-05 21:16
ComboFix2.txt  2014-09-03 19:04
.
Před spuštěním: Volných bajtů: 231 119 953 920
Po spuštění: Volných bajtů: 230 621 880 320
.
- - End Of File - - 28C0DC96671E9431FAF6C456D8263450

Regarding ComboFix: an acquaintance gave it to me, saying it always helps him. Only when nothing helped did I look further and come across this forum, where I found out what it actually is. I know ignorance is no excuse, but it had already happened...

Re: Laptop freezes shortly after startup, works in safe mode.

Posted: 06 Sep 2014 11:02
by Rudy
Yes, CF really does help. But only in the hands of an expert. In the hands of a layperson it can turn into the user's nightmare.

Deleted. Uninstall CF using T-Cleaner: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe . Has anything changed?

Re: Laptop freezes shortly after startup, works in safe mode.

Posted: 06 Sep 2014 12:09
by davek53
Removed with T-Cleaner. Everything seems to work as it should. If you consider the log clean, I think we can close this.
Thank you very much for the help, and I apologize for CF; next time I will be smarter.
davek

Re: Laptop freezes shortly after startup, works in safe mode.

Posted: 06 Sep 2014 12:36
by Rudy
The log is OK, and if there is no other problem, that is all. :)