VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Zpomalení internetu (střídavé) podezření na trojana.

https://forum.viry.cz:443/viewtopic.php?t=141286

Stránka 1 z 2

Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 13:06
od Pepathepig
Zdravím, asi před týdnem se mi začal zpomalovat internet a využití RAM a CPU vzrostlo o 5%. Zpomalení internetu se projevovalo masivně sníženou upload rychlostí (z 45Mb/s na 10 Mb/s a velice pomalým načítáním stránek jak v IE, tak v Chromu. Mám podezření, že se mi podařilo stáhnout nějaký virus, co z mého počítače buď odesílá data, nebo např.těží bitcoiny. Předem děkuji za pomoc.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2014-11-15 12:49:59
Microsoft Windows 8.1
System drive C: has 519 GB (57%) free of 905 GB
Total RAM: 16178 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:09, on 15. 11. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
C:\Program Files (x86)\ROCCAT\Talk\TalkMonitor.exe
C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe
C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.5191\Battle.net.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Windows\SysWOW64\prevhost.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [RoccatIsku] "C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE"
O4 - HKLM\..\Run: [ROCCATTalk] "C:\Program Files (x86)\ROCCAT\Talk\TalkMonitor.EXE"
O4 - HKLM\..\Run: [ROCCAT Pyra Mouse] "C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE"
O4 - HKLM\..\Run: [RoccatKoneXTD] "C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Odeslat do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Odeslat do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: ?????
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ExpressCache - Condusiv Technologies - C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 12838 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe 1073653188112
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
dashost.exe {6dd0ec8f-c78e-4e11-890d0ed14b0b853b}
"C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"

"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 29613163-519b-4816-9d41-c923ba175214 1
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-10279afd-9979-4e2a-aaf1-1731d064a14e -SystemEventPortName:HostProcess-58f1d2a8-2466-4980-aefa-7124e648c2ea -IoCancelEventPortName:HostProcess-3e72d3fa-9e56-40cb-bc45-f6047e217840 -NonStateChangingEventPortName:HostProcess-41b45b49-8799-4156-83af-e1696ef819dd -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e5d9c82e-43a5-45be-a367-5f4c36946143 -DeviceGroupId:WudfDefaultDevicePool
C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session
C:\WINDOWS\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\RTFTrack.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
"C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
"C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe" -start
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe"
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe"
"C:\Program Files (x86)\ROCCAT\Talk\TalkMonitor.exe"
"C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe"
"C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe" -ServerName:Microsoft.Reader.AppXtszmc7avrx02s7n8gch63tzwg517wd9k.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Steam\Steam.exe"
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Program Files (x86)\Steam\config\htmlcache" -cookiepath "C:\Program Files (x86)\Steam\config\cookies" -steampid 9332 --blacklist-accelerated-compositing --process-per-tab --disable-accelerated-video-decode --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --enable-pinch --disable-accelerated-compositing --disable-gpu-compositing --channel="6704.1.410258696\1182646659" /prefetch:673131151
C:/ProgramData/Battle.net/Agent/Agent.3526/Agent.exe --locale=enGB --session=10211586868883837456
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:/Program Files (x86)/Battle.net/Battle.net.5191/Battle.net.exe" "--gamepath=C:\Program Files (x86)\Hearthstone" --game=hs_beta
C:\Program Files (x86)\Steam\GameOverlayUI.exe -pid 2516 -manuallyclearframes 0
C:\WINDOWS\system32\prevhost.exe {914FEED8-267A-4BAA-B8AA-21E233792679} -Embedding
C:\Windows\SysWOW64\prevhost.exe {DC6EFB56-9CFA-464D-8880-44885D7DC193} -Embedding
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" /b /id 16060_2743 /if pdfshell_prevd168caff-2141-40fe-b987-8169fa732239
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe" --channel=13692.0.1209833414 --type=renderer /b /id 16060_2743 /if pdfshell_prevd168caff-2141-40fe-b987-8169fa732239
"C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\IE\M95FLLIF\msert.exe"
"C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\IE\M95FLLIF\msert.exe" /RE
C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:60
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11124 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11124 CREDAT:3413261 /prefetch:2
"C:\WINDOWS\System32\perfmon.exe" /res
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-733613913-2694496044-2789402938-100280_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-733613913-2694496044-2789402938-100280 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 572 576 584 65536 580

"C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\IE\X3BE6D8G\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-10-14 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-10-14 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-14 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-21 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-10-14 1729752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-21 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtsFT"=C:\WINDOWS\RTFTrack.exe [2013-03-15 6346312]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-01-29 13267016]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-01-18 1276488]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-01-31 36352]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [2012-09-30 11582848]
"SynLenovoGestureMgr"=C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [2013-03-08 677104]
"UMonit64"=C:\windows\SysWOW64\UMonit64.exe [2013-03-14 40960]
"OnekeyStudio"=C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [2012-09-14 4196432]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2013-05-29 17080376]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2013-05-29 191544]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-08 3041520]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe []
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2014-05-30 1279480]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-30 2352072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SteelSeries Engine"=C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [2013-11-05 242688]
"Sony PC Companion"=C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2014-05-23 466656]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [2012-10-31 168464]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2012-04-19 217088]
"RemoteControl10"=C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"Intel AppUp(SM) center"=C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [2012-07-12 155488]
"RoccatIsku"=C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [2012-11-09 542560]
"ROCCATTalk"=C:\Program Files (x86)\ROCCAT\Talk\TalkMonitor.EXE [2011-07-12 2154496]
"ROCCAT Pyra Mouse"=C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE [2010-09-07 532480]
"RoccatKoneXTD"=C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [2013-10-25 552960]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-15 12:49:59 ----D---- C:\rsit
2014-11-15 12:49:59 ----D---- C:\Program Files\trend micro
2014-11-14 17:16:50 ----A---- C:\WINDOWS\SYSWOW64\EasyAntiCheat.exe
2014-11-12 18:19:20 ----A---- C:\WINDOWS\system32\user32.dll
2014-11-12 18:19:19 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2014-11-12 18:19:19 ----A---- C:\WINDOWS\system32\drivers\WdNisDrv.sys
2014-11-12 18:19:19 ----A---- C:\WINDOWS\system32\drivers\WdFilter.sys
2014-11-12 18:19:18 ----A---- C:\WINDOWS\system32\drivers\WdBoot.sys
2014-11-12 18:19:16 ----A---- C:\WINDOWS\SYSWOW64\winshfhc.dll
2014-11-12 18:19:15 ----A---- C:\WINDOWS\system32\winshfhc.dll
2014-11-12 18:16:14 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2014-11-12 18:16:13 ----A---- C:\WINDOWS\system32\msi.dll
2014-11-12 18:16:13 ----A---- C:\WINDOWS\system32\authui.dll
2014-11-12 18:16:12 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2014-11-12 18:16:10 ----A---- C:\WINDOWS\SYSWOW64\msihnd.dll
2014-11-12 18:16:10 ----A---- C:\WINDOWS\system32\msihnd.dll
2014-11-12 18:16:10 ----A---- C:\WINDOWS\system32\consent.exe
2014-11-12 18:16:10 ----A---- C:\WINDOWS\system32\appinfo.dll
2014-11-12 08:38:15 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-11-12 08:38:12 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-11-12 08:37:45 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-11-12 08:37:39 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-11-12 08:37:36 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-11-12 08:37:34 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-11-12 08:37:33 ----A---- C:\WINDOWS\system32\wininet.dll
2014-11-12 08:37:32 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-11-12 08:37:32 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-11-12 08:37:32 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-11-12 08:37:32 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-11-12 08:37:31 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2014-11-12 08:37:31 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-11-12 08:37:31 ----A---- C:\WINDOWS\system32\inetcomm.dll
2014-11-12 08:37:31 ----A---- C:\WINDOWS\system32\actxprxy.dll
2014-11-12 08:37:30 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2014-11-12 08:37:30 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 08:37:30 ----A---- C:\WINDOWS\system32\jscript.dll
2014-11-12 08:37:29 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-11-12 08:37:29 ----A---- C:\WINDOWS\system32\ieui.dll
2014-11-12 08:37:28 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-11-12 08:37:28 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-11-12 08:37:28 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2014-11-12 08:37:28 ----A---- C:\WINDOWS\SYSWOW64\ieui.dll
2014-11-12 08:37:28 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-11-12 08:37:27 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-11-12 08:37:26 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-11-12 08:37:26 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2014-11-12 08:37:26 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 08:37:26 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-11-12 08:37:26 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 08:37:25 ----A---- C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 08:37:24 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2014-11-12 08:37:24 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-11-12 08:37:24 ----A---- C:\WINDOWS\system32\webcheck.dll
2014-11-12 08:37:23 ----A---- C:\WINDOWS\SYSWOW64\msrating.dll
2014-11-12 08:37:23 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2014-11-12 08:37:23 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 08:37:22 ----A---- C:\WINDOWS\SYSWOW64\iesysprep.dll
2014-11-12 08:37:22 ----A---- C:\WINDOWS\system32\msrating.dll
2014-11-12 08:37:22 ----A---- C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 08:37:22 ----A---- C:\WINDOWS\system32\iesysprep.dll
2014-11-12 08:37:22 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-11-12 08:37:22 ----A---- C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 08:37:22 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 08:37:22 ----A---- C:\WINDOWS\system32\hlink.dll
2014-11-12 08:37:21 ----A---- C:\WINDOWS\SYSWOW64\inseng.dll
2014-11-12 08:37:21 ----A---- C:\WINDOWS\SYSWOW64\ieUnatt.exe
2014-11-12 08:37:21 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2014-11-12 08:37:21 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2014-11-12 08:37:21 ----A---- C:\WINDOWS\system32\inseng.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\SYSWOW64\occache.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\SYSWOW64\msfeedsbs.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\SYSWOW64\jsproxy.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\SYSWOW64\IEAdvpack.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\system32\jsproxy.dll
2014-11-12 08:37:20 ----A---- C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:37:19 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-11-12 08:37:19 ----A---- C:\WINDOWS\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:37:19 ----A---- C:\WINDOWS\SYSWOW64\imgutil.dll
2014-11-12 08:37:19 ----A---- C:\WINDOWS\SYSWOW64\iexpress.exe
2014-11-12 08:37:19 ----A---- C:\WINDOWS\system32\occache.dll
2014-11-12 08:37:19 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 08:37:19 ----A---- C:\WINDOWS\system32\imgutil.dll
2014-11-12 08:37:18 ----A---- C:\WINDOWS\SYSWOW64\wextract.exe
2014-11-12 08:37:18 ----A---- C:\WINDOWS\SYSWOW64\pngfilt.dll
2014-11-12 08:37:18 ----A---- C:\WINDOWS\SYSWOW64\licmgr10.dll
2014-11-12 08:37:18 ----A---- C:\WINDOWS\SYSWOW64\iernonce.dll
2014-11-12 08:37:18 ----A---- C:\WINDOWS\SYSWOW64\ieetwproxystub.dll
2014-11-12 08:37:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2014-11-12 08:37:18 ----A---- C:\WINDOWS\system32\licmgr10.dll
2014-11-12 08:37:17 ----A---- C:\WINDOWS\SYSWOW64\url.dll
2014-11-12 08:37:17 ----A---- C:\WINDOWS\SYSWOW64\iesetup.dll
2014-11-12 08:37:17 ----A---- C:\WINDOWS\system32\wextract.exe
2014-11-12 08:37:17 ----A---- C:\WINDOWS\system32\url.dll
2014-11-12 08:37:17 ----A---- C:\WINDOWS\system32\iernonce.dll
2014-11-12 08:37:17 ----A---- C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 08:37:16 ----A---- C:\WINDOWS\SYSWOW64\mshta.exe
2014-11-12 08:37:16 ----A---- C:\WINDOWS\SYSWOW64\msfeedssync.exe
2014-11-12 08:37:16 ----A---- C:\WINDOWS\system32\mshta.exe
2014-11-12 08:37:16 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 08:37:16 ----A---- C:\WINDOWS\system32\iexpress.exe
2014-11-12 08:37:16 ----A---- C:\WINDOWS\system32\iesetup.dll
2014-11-12 08:35:14 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2014-11-12 08:35:14 ----A---- C:\WINDOWS\SYSWOW64\ncryptsslp.dll
2014-11-12 08:35:14 ----A---- C:\WINDOWS\system32\schannel.dll
2014-11-12 08:35:14 ----A---- C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 08:35:14 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 08:35:08 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2014-11-12 08:35:08 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 08:35:08 ----A---- C:\WINDOWS\system32\lsasrv.dll
2014-11-12 08:35:08 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2014-11-12 08:35:08 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2014-11-12 08:35:08 ----A---- C:\WINDOWS\system32\certcli.dll
2014-11-12 08:35:08 ----A---- C:\WINDOWS\system32\adtschema.dll
2014-11-12 08:35:07 ----A---- C:\WINDOWS\SYSWOW64\msaudite.dll
2014-11-12 08:35:07 ----A---- C:\WINDOWS\SYSWOW64\adtschema.dll
2014-11-12 08:35:07 ----A---- C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 08:35:07 ----A---- C:\WINDOWS\system32\rdpudd.dll
2014-11-12 08:35:07 ----A---- C:\WINDOWS\system32\msaudite.dll
2014-11-12 08:35:07 ----A---- C:\WINDOWS\system32\drivers\rdpvideominiport.sys
2014-11-12 08:34:59 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2014-11-12 08:34:59 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\wuwebv.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\wups2.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\wups.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\wudriver.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\wucltux.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\wuaueng.dll
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\wuauclt.exe
2014-11-12 08:34:59 ----A---- C:\WINDOWS\system32\wuapi.dll
2014-11-12 08:34:58 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2014-11-12 08:34:58 ----A---- C:\WINDOWS\system32\wuapp.exe
2014-11-12 08:34:58 ----A---- C:\WINDOWS\system32\wuaext.dll
2014-11-12 08:34:54 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2014-11-12 08:34:54 ----A---- C:\WINDOWS\system32\oleaut32.dll
2014-11-12 07:30:41 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2014-11-12 07:30:41 ----A---- C:\WINDOWS\system32\msxml3.dll
2014-11-12 07:30:37 ----A---- C:\WINDOWS\system32\audiosrv.dll
2014-11-12 07:30:36 ----A---- C:\WINDOWS\system32\AudioSes.dll
2014-11-12 07:30:35 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 07:30:34 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2014-11-12 07:30:34 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2014-11-12 07:30:34 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2014-11-12 07:30:34 ----A---- C:\WINDOWS\system32\AudioEng.dll
2014-11-12 07:30:34 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 07:30:34 ----A---- C:\WINDOWS\system32\audiodg.exe
2014-11-12 07:30:33 ----A---- C:\WINDOWS\system32\EncDump.dll
2014-11-12 07:30:32 ----A---- C:\WINDOWS\system32\win32k.sys
2014-11-12 07:30:31 ----A---- C:\WINDOWS\SYSWOW64\packager.dll
2014-11-12 07:30:31 ----A---- C:\WINDOWS\system32\packager.dll
2014-11-12 07:30:25 ----A---- C:\WINDOWS\system32\shell32.dll
2014-11-12 07:30:22 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 07:30:21 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2014-11-12 07:30:17 ----A---- C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 07:30:16 ----A---- C:\WINDOWS\system32\twinui.dll
2014-11-12 07:30:15 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2014-11-12 07:30:14 ----A---- C:\WINDOWS\system32\localspl.dll
2014-11-12 07:30:13 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 07:30:12 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 07:30:11 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2014-11-12 07:30:09 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2014-11-12 07:30:09 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2014-11-12 07:30:09 ----A---- C:\WINDOWS\system32\win32spl.dll
2014-11-12 07:30:08 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2014-11-12 07:30:07 ----A---- C:\WINDOWS\SYSWOW64\WsmSvc.dll
2014-11-12 07:30:07 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 07:30:06 ----A---- C:\WINDOWS\system32\puiobj.dll
2014-11-12 07:30:05 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2014-11-12 07:30:03 ----AC---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2014-11-12 07:30:02 ----A---- C:\WINDOWS\SYSWOW64\untfs.dll
2014-11-12 07:30:02 ----A---- C:\WINDOWS\system32\untfs.dll
2014-11-12 07:30:02 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2014-11-12 07:30:01 ----A---- C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 07:30:00 ----A---- C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 07:29:59 ----A---- C:\WINDOWS\SYSWOW64\FXSAPI.dll
2014-11-09 13:20:42 ----D---- C:\Users\Petr\AppData\Roaming\MPEG Streamclip
2014-11-09 12:43:40 ----D---- C:\ProgramData\Apple
2014-11-09 12:33:49 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2014-11-09 11:28:33 ----D---- C:\Program Files\Common Files\Adobe
2014-11-08 09:53:23 ----A---- C:\WINDOWS\IsUn0405.exe
2014-11-07 21:01:23 ----D---- C:\Users\Petr\AppData\Roaming\BANDISOFT
2014-11-07 20:48:26 ----D---- C:\Users\Petr\AppData\Roaming\Publish Providers
2014-11-07 20:46:16 ----D---- C:\Users\Petr\AppData\Roaming\Sony
2014-11-05 18:22:42 ----D---- C:\Program Files (x86)\Adobe
2014-11-05 18:22:31 ----D---- C:\ProgramData\Adobe
2014-10-21 18:19:12 ----A---- C:\WINDOWS\SYSWOW64\javaws.exe
2014-10-21 18:19:11 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2014-10-21 18:19:11 ----A---- C:\WINDOWS\SYSWOW64\javaw.exe
2014-10-21 18:19:11 ----A---- C:\WINDOWS\SYSWOW64\java.exe
2014-10-21 18:19:07 ----D---- C:\Program Files (x86)\Java
2014-10-20 17:09:50 ----D---- C:\Users\Petr\AppData\Roaming\.mono

======List of files/folders modified in the last 1 month======

2014-11-15 12:50:05 ----D---- C:\WINDOWS\Prefetch
2014-11-15 12:50:01 ----D---- C:\WINDOWS\Temp
2014-11-15 12:49:59 ----RD---- C:\Program Files
2014-11-15 12:34:21 ----RD---- C:\Program Files (x86)
2014-11-15 12:34:20 ----HD---- C:\ProgramData
2014-11-15 12:34:20 ----D---- C:\WINDOWS\SysWOW64
2014-11-15 12:34:20 ----D---- C:\Windows
2014-11-15 12:33:01 ----SHD---- C:\WINDOWS\Installer
2014-11-15 12:32:47 ----D---- C:\ProgramData\Sony
2014-11-15 12:32:47 ----D---- C:\Program Files (x86)\Sony
2014-11-15 12:29:12 ----SHD---- C:\System Volume Information
2014-11-15 12:27:23 ----RD---- C:\WINDOWS\System32
2014-11-15 12:02:00 ----D---- C:\WINDOWS\system32\sru
2014-11-15 09:52:23 ----D---- C:\Program Files (x86)\Steam
2014-11-15 09:52:08 ----D---- C:\WINDOWS\Inf
2014-11-15 09:52:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-15 09:50:41 ----D---- C:\WINDOWS\AppReadiness
2014-11-14 18:37:30 ----D---- C:\WINDOWS\system32\config
2014-11-14 18:11:40 ----D---- C:\WINDOWS\system32\DriverStore
2014-11-14 15:34:25 ----HD---- C:\Program Files\WindowsApps
2014-11-13 21:11:02 ----D---- C:\WINDOWS\Tasks
2014-11-13 18:42:12 ----D---- C:\WINDOWS\rescache
2014-11-13 18:31:47 ----D---- C:\WINDOWS\WinSxS
2014-11-13 18:26:51 ----D---- C:\WINDOWS\Microsoft.NET
2014-11-13 18:26:26 ----RSD---- C:\WINDOWS\assembly
2014-11-13 18:26:03 ----D---- C:\WINDOWS\system32\catroot2
2014-11-13 16:57:20 ----D---- C:\Program Files (x86)\Battle.net
2014-11-13 16:29:54 ----D---- C:\Program Files (x86)\Hearthstone
2014-11-13 08:23:48 ----A---- C:\IFRToolLog.txt
2014-11-13 07:27:56 ----D---- C:\ProgramData\NVIDIA
2014-11-12 22:28:46 ----D---- C:\WINDOWS\system32\drivers
2014-11-12 22:28:46 ----D---- C:\Program Files\Windows Defender
2014-11-12 22:28:46 ----D---- C:\Program Files (x86)\Windows Defender
2014-11-12 22:28:45 ----D---- C:\WINDOWS\SYSWOW64\migration
2014-11-12 22:28:45 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2014-11-12 22:28:45 ----D---- C:\WINDOWS\system32\wbem
2014-11-12 22:28:45 ----D---- C:\WINDOWS\system32\cs-CZ
2014-11-12 22:28:45 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-12 22:28:44 ----RD---- C:\WINDOWS\ToastData
2014-11-12 22:28:44 ----D---- C:\WINDOWS\system32\migration
2014-11-12 22:28:44 ----D---- C:\Program Files\Internet Explorer
2014-11-12 22:28:43 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2014-11-12 22:28:43 ----D---- C:\WINDOWS\apppatch
2014-11-12 18:40:09 ----D---- C:\WINDOWS\CbsTemp
2014-11-12 18:32:13 ----D---- C:\WINDOWS\system32\MRT
2014-11-12 18:32:10 ----A---- C:\WINDOWS\system32\MRT.exe
2014-11-12 08:35:54 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-11-12 08:34:52 ----D---- C:\Program Files\Microsoft Office 15
2014-11-11 20:31:02 ----D---- C:\Program Files (x86)\ROCCAT
2014-11-11 20:23:53 ----SHD---- C:\WINDOWS\SYSWOW64\AI_RecycleBin
2014-11-09 12:58:40 ----D---- C:\WINDOWS\system32\Tasks
2014-11-09 12:58:03 ----D---- C:\Program Files (x86)\Common Files
2014-11-09 12:34:02 ----D---- C:\Users\Petr\AppData\Roaming\Adobe
2014-11-09 12:30:51 ----D---- C:\Users\Petr\AppData\Roaming\vlc
2014-11-09 11:28:55 ----D---- C:\ProgramData\Package Cache
2014-11-09 11:28:33 ----D---- C:\Program Files\Common Files
2014-11-09 10:52:28 ----D---- C:\Users\Petr\AppData\Roaming\TS3Client
2014-11-05 18:23:29 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2014-10-30 12:25:26 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-10-30 01:55:02 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2014-10-23 14:56:07 ----D---- C:\WINDOWS\system32\NDF
2014-10-21 18:19:17 ----D---- C:\ProgramData\Oracle

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 excsd;ExpressCache Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\excsd.sys [2013-01-08 112552]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2013-01-31 652784]
R0 LHDmgr;LHDmgr; C:\WINDOWS\System32\DRIVERS\LhdX64.sys [2013-05-29 39008]
R1 excfs;ExpressCache File System Filter Driver; C:\WINDOWS\system32\DRIVERS\excfs.sys [2013-01-08 26024]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 ACPIVPC;@oem58.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2013-05-29 33560]
R3 AMPPAL;@oem12.inf,%AMPPAL.SVCDESC%;Virtuální adaptér Intel® Centrino® Wireless Bluetooth® + High Speed; C:\WINDOWS\System32\drivers\AMPPAL.sys [2013-02-13 164832]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-01-31 81920]
R3 btmhsf;btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [2012-10-01 1337216]
R3 busenum;@oem1.inf,%SvcDesc%;SteelBusSvc; C:\WINDOWS\System32\drivers\SteelBus64.sys [2013-10-30 140800]
R3 iBtFltCoex;iBtFltCoex; C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys [2012-08-06 68136]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2013-01-29 3311944]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\WINDOWS\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 MEIx64;@oem3.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2013-03-12 64624]
R3 NETwNe64;@oem71.inf,___ %NIC_Service_DispName_WIN8_64%;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 8 64 Bit; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [2013-09-04 3345376]
R3 NVHDA;@oem76.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 20256]
R3 nvvad_WaveExtensible;@oem77.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2014-01-27 167424]
R3 rtsuvc;@oem40.inf,%rtsuvc.DeviceDesc%;Lenovo EasyCamera; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [2013-03-15 8243272]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2013-03-08 33008]
R3 SynTP;@oem6.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2013-03-08 473840]
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-12-13 121088]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-07-24 1200640]
S3 GeneStor;@oem56.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\WINDOWS\System32\drivers\GeneStor.sys [2013-03-22 91368]
S3 ggflt;@oem125.inf,%SvcFltDesc%;SOMC USB Flash Driver Filter; C:\WINDOWS\System32\drivers\ggflt.sys [2014-07-06 16088]
S3 ggsomc;@oem125.inf,%SvcDesc%;SOMC USB Flash Driver; C:\WINDOWS\System32\drivers\ggsomc.sys [2014-07-06 30424]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\WINDOWS\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2013-02-13 770528]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-09-30 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-09-30 1132480]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-09-13 135984]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-10-30 2443960]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2013-02-09 621296]
R2 ExpressCache;ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2013-01-08 107944]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-01-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-02-13 731648]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-03-12 131544]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-03-12 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-03-12 366552]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 21055432]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2014-05-20 927520]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2013-02-09 149744]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-20 413128]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-12 833728]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21 116648]
S3 EasyAntiCheat;EasyAntiCheat; C:\WINDOWS\syswow64\EasyAntiCheat.exe [2014-11-07 182304]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21 116648]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-02-13 820184]
S3 iumsvc;Intel(R) Update Manager; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28 174368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-02-09 273136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-01 150600]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]

-----------------EOF-----------------

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 13:22
od altrok
Prijemnou sobotu Vam preju :bye:

:arrow: V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

:arrow: Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
  • ukoncete vsechny programy
  • kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • kliknete na Scan, pote na Clean
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi
:arrow: Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm
  • spustte jako spravce
  • do velkeho okna zkopirujte script uvedeny nize
  • kliknete na Run script
  • po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi

    Kód: Vybrat vše

    autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 13:31
od Pepathepig
Tady je ten Adwcleaner:

# AdwCleaner v4.101 - Report created 15/11/2014 at 13:28:06
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Petr - PETR-GAMING
# Running from : C:\Users\Petr\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\greoaTsavEri
Folder Deleted : C:\ProgramData\ef8f7ad72dc5af14
Folder Deleted : C:\Program Files (x86)\greoaTsavEri
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Petr\AppData\Local\torch
Folder Deleted : C:\Users\Petr\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddmkkompeolhkfphaicaonfinmneogj
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddmkkompeolhkfphaicaonfinmneogj
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddmkkompeolhkfphaicaonfinmneogj
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddmkkompeolhkfphaicaonfinmneogj
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddmkkompeolhkfphaicaonfinmneogj
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddmkkompeolhkfphaicaonfinmneogj
Folder Deleted : C:\Users\Petr\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lddmkkompeolhkfphaicaonfinmneogj
File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage
File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wlogin.icq.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v38.0.2125.111

[C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=102& ... earchTerms}

-\\ Comodo Dragon v

[C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=102& ... earchTerms}

*************************

AdwCleaner[R0].txt - [2783 octets] - [15/11/2014 13:27:06]
AdwCleaner[S0].txt - [2928 octets] - [15/11/2014 13:28:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2988 octets] ##########

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 13:49
od Pepathepig
A tady je ten Zoek: Mockrát děkuji za tak rychlou odpověď!


Zoek.exe v5.0.0.0 Updated 14-November-2014
Tool run by Petr on so 15. 11. 2014 at 13:33:26,07.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petr\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15. 11. 2014 13:34:07 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Petr\AppData\LocalLow\{799FCC36-09EE-5D86-AA18-917C92CE7C77} deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Petr\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Petr\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Angry Birds - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Beatlab - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk
Spotify - Music for every moment - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh
Lounge Assistant - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml
Until AM Web App - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{DC765A5F-8B90-478A-8F2A-01DE14449712}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
{DC765A5F-8B90-478A-8F2A-01DE14449712} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\TTA~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\TTA~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{DC765A5F-8B90-478A-8F2A-01DE14449712} deleted successfully
HKEY_USERS\S-1-5-21-733613913-2694496044-2789402938-1002\Software\Microsoft\Internet Explorer\SearchScopes\{DC765A5F-8B90-478A-8F2A-01DE14449712} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\TTA~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\TTA~1\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\TTA~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\TTA~1\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\IE\AWEIPX2G will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\TTA~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=36 folders=40 115423633 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Petr\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\TTA~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Petr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\IE\AWEIPX2G" not found

==== EOF on so 15. 11. 2014 at 13:48:35,05 ======================

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 13:52
od altrok
:arrow: Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 14:01
od Pepathepig
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014
Ran by Petr (administrator) on PETR-GAMING on 15-11-2014 13:59:28
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available profiles: Petr & Táta)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Talk\TalkMonitor.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6346312 2013-03-15] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [677104 2013-03-08] (Synaptics)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-03-14] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-05-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-05-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3041520 2013-03-08] (Synaptics Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [542560 2012-11-09] (ROCCAT GmbH)
HKLM-x32\...\Run: [ROCCATTalk] => C:\Program Files (x86)\ROCCAT\Talk\TalkMonitor.EXE [2154496 2011-07-12] (ROCCAT GmbH)
HKLM-x32\...\Run: [ROCCAT Pyra Mouse] => C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE [532480 2010-09-07] (ROCCAT)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-10-25] (ROCCAT GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-733613913-2694496044-2789402938-1002\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-11-05] (SteelSeries ApS)
HKU\S-1-5-21-733613913-2694496044-2789402938-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-733613913-2694496044-2789402938-1002\...\MountPoints2: {e1ab55ea-6ae5-11e3-bec0-606c6661cf96} - "E:\Autorun.exe"
AppInit_DLLs-x32: �ȋ噎䵒 => "�ȋ噎䵒" File Not Found
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {DC765A5F-8B90-478A-8F2A-01DE14449712} URL =
SearchScopes: HKLM-x32 - DefaultScope {DC765A5F-8B90-478A-8F2A-01DE14449712} URL =
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-733613913-2694496044-2789402938-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-08-21]
CHR Extension: (Beatlab) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2013-08-21]
CHR Extension: (Dokumenty Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-21]
CHR Extension: (Disk Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-21]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-21]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-11-05]
CHR Extension: (Vyhledávání Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-21]
CHR Extension: (Lounge Assistant) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjonnlehciedbcidabdglnnihcncbml [2014-11-05]
CHR Extension: (Until AM Web App) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2013-08-21]
CHR Extension: (Peněženka Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [182304 2014-11-07] (EasyAntiCheat Ltd)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-09] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-09] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2014-07-06] (Sony Mobile Communications)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-03-15] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-08] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 13:59 - 2014-11-15 13:59 - 00020666 _____ () C:\Users\Petr\Desktop\FRST.txt
2014-11-15 13:58 - 2014-11-15 13:59 - 00000000 ____D () C:\FRST
2014-11-15 13:58 - 2014-11-15 13:58 - 00112640 _____ (forum.viry.cz) C:\Users\Petr\Desktop\FRSTLauncher.exe
2014-11-15 13:57 - 2014-11-15 13:57 - 02116608 _____ (Farbar) C:\Users\Petr\Desktop\FRST64.exe
2014-11-15 13:41 - 2014-11-15 13:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-15 13:34 - 2014-11-15 13:48 - 00007823 _____ () C:\zoek-results.log
2014-11-15 13:33 - 2014-11-15 13:40 - 00000000 ____D () C:\zoek_backup
2014-11-15 13:33 - 2014-11-15 13:33 - 01294848 _____ () C:\Users\Petr\Desktop\zoek.exe
2014-11-15 13:26 - 2014-11-15 13:28 - 00000000 ____D () C:\AdwCleaner
2014-11-15 13:25 - 2014-11-15 13:25 - 04265850 _____ () C:\Users\Petr\Desktop\zoek.rar
2014-11-15 13:25 - 2014-11-15 13:25 - 02140160 _____ () C:\Users\Petr\Desktop\adwcleaner_4.101.exe
2014-11-15 12:49 - 2014-11-15 12:50 - 00000000 ____D () C:\rsit
2014-11-15 12:49 - 2014-11-15 12:50 - 00000000 ____D () C:\Program Files\trend micro
2014-11-14 17:16 - 2014-11-07 15:37 - 00182304 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2014-11-13 16:30 - 2014-11-13 16:30 - 00000000 __SHD () C:\Users\Petr\AppData\Local\EmieBrowserModeList
2014-11-12 18:19 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 18:19 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 18:19 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 18:19 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 18:19 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 18:19 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 18:19 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 18:16 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 18:16 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 18:16 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 18:16 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 18:16 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 18:16 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 18:16 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 18:16 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 08:38 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 08:38 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 08:37 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 08:37 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 08:37 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 08:37 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 08:37 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 08:37 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 08:37 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 08:37 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 08:37 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 08:37 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 08:37 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 08:37 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 08:37 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 08:37 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 08:37 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 08:37 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 08:37 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 08:37 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 08:37 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 08:37 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 08:37 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 08:37 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 08:37 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 08:37 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 08:37 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:37 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 08:37 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 08:37 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 08:37 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 08:37 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 08:37 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 08:37 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 08:37 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 08:37 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 08:37 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 08:37 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 08:37 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 08:37 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 08:37 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 08:37 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 08:37 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 08:37 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 08:37 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 08:37 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 08:37 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 08:37 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 08:37 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 08:37 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 08:37 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 08:37 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 08:37 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 08:37 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 08:37 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 08:37 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 08:37 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 08:37 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 08:37 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 08:37 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 08:37 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 08:37 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 08:37 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 08:37 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 08:37 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 08:37 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 08:37 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 08:37 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 08:37 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 08:37 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 08:37 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:37 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 08:37 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 08:37 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 08:37 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 08:37 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 08:37 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 08:37 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 08:37 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 08:37 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 08:37 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 08:37 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 08:37 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 08:37 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 08:37 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 08:37 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 08:37 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 08:37 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 08:37 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 08:37 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 08:37 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 08:37 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 08:35 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 08:35 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 08:35 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 08:35 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 08:35 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 08:35 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 08:35 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 08:35 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 08:35 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 08:35 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 08:35 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 08:35 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 08:35 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 08:35 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 08:35 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 08:35 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 08:35 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 08:35 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 08:34 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 08:34 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 08:34 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 08:34 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 08:34 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 08:34 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 08:34 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 08:34 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 08:34 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 08:34 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 08:34 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 08:34 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 08:34 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 08:34 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 08:34 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 08:34 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 08:34 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 08:34 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-12 07:30 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 07:30 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 07:30 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 07:30 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 07:30 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 07:30 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 07:30 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 07:30 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 07:30 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 07:30 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 07:30 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 07:30 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 07:30 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 07:30 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-12 07:30 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-12 07:30 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-12 07:30 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-12 07:30 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-12 07:30 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 07:30 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-12 07:30 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-12 07:30 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-12 07:30 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-12 07:30 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-12 07:30 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-12 07:30 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 07:30 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 07:30 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 07:30 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-12 07:30 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 07:30 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 07:30 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-12 07:30 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 07:30 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-12 07:30 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-12 07:30 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-12 07:30 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 07:30 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-12 07:30 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-12 07:29 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-12 07:29 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-10 22:16 - 2014-11-14 15:59 - 00009731 _____ () C:\Users\Petr\Desktop\Příjmy a Výdaje.xlsx
2014-11-09 13:20 - 2014-11-09 13:20 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\MPEG Streamclip
2014-11-09 13:19 - 2014-11-15 12:34 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2014-11-09 13:18 - 2014-11-09 13:18 - 12934148 _____ ( ) C:\Users\Petr\Downloads\quicktimealt181.exe
2014-11-09 13:14 - 2014-11-09 13:14 - 00554844 _____ () C:\Users\Petr\Downloads\MPEG_Streamclip_1.2.zip
2014-11-09 12:58 - 2014-11-09 12:58 - 00003194 _____ () C:\WINDOWS\System32\Tasks\{DDC12F1B-4D53-4F2B-93CB-25E6A3855FBB}
2014-11-09 12:47 - 2014-11-09 12:47 - 00000000 ____D () C:\Users\Petr\AppData\Local\Apple Computer
2014-11-09 12:43 - 2014-11-09 12:43 - 00000000 ____D () C:\Users\Petr\AppData\Local\Apple
2014-11-09 12:43 - 2014-11-09 12:43 - 00000000 ____D () C:\ProgramData\Apple
2014-11-09 12:34 - 2014-11-09 13:29 - 00000345 _____ () C:\Users\Petr\Documents\DesignLibrary_Photoshop.log
2014-11-09 12:33 - 2014-11-09 12:33 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-11-09 11:28 - 2014-11-11 20:31 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-09 11:22 - 2014-11-09 11:22 - 00000000 ___RD () C:\Users\Petr\Creative Cloud Files
2014-11-08 09:53 - 1998-11-13 12:58 - 00307200 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUn0405.exe
2014-11-07 22:41 - 2014-11-07 22:45 - 00014848 ___SH () C:\Users\Petr\Documents\Thumbs.db
2014-11-07 21:01 - 2014-11-09 14:06 - 00000000 ____D () C:\Users\Petr\Desktop\Bandicam
2014-11-07 21:01 - 2014-11-07 21:01 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\BANDISOFT
2014-11-07 20:48 - 2014-11-07 20:48 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Publish Providers
2014-11-07 20:47 - 2014-11-15 12:32 - 00007650 _____ () C:\WINDOWS\system32\--traceoff
2014-11-07 20:47 - 2014-11-15 12:32 - 00000000 ____D () C:\Users\Petr\AppData\Local\Sony
2014-11-07 20:47 - 2014-11-07 20:47 - 00000000 _____ () C:\WINDOWS\system32\--debugoff
2014-11-07 20:46 - 2014-11-07 22:41 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Sony
2014-11-05 18:22 - 2014-11-15 12:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-05 18:22 - 2014-11-11 20:32 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-05 18:22 - 2014-11-11 20:29 - 00000000 ____D () C:\Users\Petr\AppData\Local\Adobe
2014-11-05 18:22 - 2014-11-05 18:25 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-05 18:22 - 2014-11-05 18:22 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-11-04 18:30 - 2014-11-05 20:56 - 00000467 _____ () C:\Users\Petr\Desktop\Vánoce_seznam 2014.txt
2014-11-02 21:34 - 2014-11-02 21:34 - 00000000 ____D () C:\Users\Petr\Desktop\Geography
2014-11-02 11:19 - 2014-11-02 11:19 - 00000222 _____ () C:\Users\Petr\Desktop\Evolve.url
2014-10-21 18:19 - 2014-10-21 18:19 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-21 18:19 - 2014-10-21 18:19 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-21 18:19 - 2014-10-21 18:19 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-21 18:19 - 2014-10-21 18:19 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 18:19 - 2014-10-21 18:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 18:19 - 2014-10-21 18:19 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 17:09 - 2014-10-20 17:09 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\.mono

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-15 13:59 - 2014-09-03 20:18 - 00004982 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Petr-gaming-Petr Petr-gaming
2014-11-15 13:59 - 2013-11-12 15:49 - 01360974 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-15 13:55 - 2013-11-12 16:07 - 01749406 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-15 13:55 - 2013-09-30 04:56 - 00740962 _____ () C:\WINDOWS\system32\perfh005.dat
2014-11-15 13:55 - 2013-09-30 04:56 - 00152146 _____ () C:\WINDOWS\system32\perfc005.dat
2014-11-15 13:48 - 2013-08-21 15:23 - 00000980 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-15 13:47 - 2013-09-29 20:01 - 00025690 _____ () C:\WINDOWS\PFRO.log
2014-11-15 13:47 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-15 13:47 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-15 13:47 - 2013-08-11 19:31 - 00000442 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-11-15 13:47 - 2013-05-29 21:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-15 13:46 - 2013-07-09 06:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-733613913-2694496044-2789402938-1002
2014-11-15 13:40 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Petr\AppData\Local\Comodo
2014-11-15 13:40 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-11-15 13:40 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-11-15 13:40 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-11-15 13:40 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-11-15 13:40 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-15 13:40 - 2014-01-05 19:38 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-15 13:40 - 2013-08-21 15:23 - 00000000 ____D () C:\Users\Petr\AppData\Local\Google
2014-11-15 13:31 - 2013-05-29 21:55 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-11-15 13:24 - 2013-12-13 11:18 - 00000000 ____D () C:\Users\Petr\AppData\Local\Battle.net
2014-11-15 13:23 - 2013-07-08 19:28 - 00007629 _____ () C:\Users\Petr\AppData\Local\resmon.resmoncfg
2014-11-15 13:16 - 2013-08-21 15:23 - 00000984 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-15 13:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-15 12:35 - 2013-07-09 04:48 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Adobe
2014-11-15 12:32 - 2014-07-06 17:54 - 00000000 ____D () C:\ProgramData\Sony
2014-11-15 12:32 - 2014-07-06 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-11-15 12:32 - 2014-07-06 17:54 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-11-15 09:52 - 2013-07-09 06:02 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-15 09:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-14 17:18 - 2013-07-10 06:59 - 00000541 _____ () C:\Users\Petr\Desktop\Hesla.txt
2014-11-13 21:11 - 2013-08-21 15:23 - 00003956 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 21:11 - 2013-08-21 15:23 - 00003720 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-13 16:57 - 2013-12-13 11:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-13 16:29 - 2013-12-13 11:19 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-13 07:29 - 2013-11-12 16:16 - 00000000 ___RD () C:\Users\Petr\SkyDrive
2014-11-13 07:27 - 2013-08-22 15:44 - 00482280 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-12 22:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-12 22:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-12 22:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 22:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 22:28 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 18:40 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-12 18:36 - 2013-08-12 18:10 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 18:32 - 2013-07-08 20:45 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-12 08:34 - 2013-09-04 17:34 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-11 20:31 - 2013-07-09 06:26 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-11-11 20:30 - 2013-07-09 06:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2014-11-11 09:25 - 2013-07-09 04:47 - 00000000 ____D () C:\Users\Petr\AppData\Local\Packages
2014-11-10 22:09 - 2013-09-03 14:54 - 00000000 ____D () C:\Users\Petr\Desktop\Random shit
2014-11-10 19:51 - 2013-08-12 15:32 - 00735744 ___SH () C:\Users\Petr\Desktop\Thumbs.db
2014-11-09 13:20 - 2013-07-09 04:47 - 00000000 ____D () C:\Users\Petr\AppData\Local\VirtualStore
2014-11-09 12:30 - 2013-09-22 11:04 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\vlc
2014-11-09 11:22 - 2013-11-12 15:55 - 00000000 ____D () C:\Users\Petr
2014-11-09 10:52 - 2014-05-23 18:14 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\TS3Client
2014-11-07 20:48 - 2013-08-22 15:46 - 00344453 _____ () C:\WINDOWS\setupact.log
2014-11-02 21:15 - 2014-02-11 20:08 - 00000000 ____D () C:\Users\Petr\Desktop\English as Second Language
2014-11-02 11:19 - 2013-07-09 06:07 - 00000000 ____D () C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-30 20:10 - 2013-08-21 15:23 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-30 12:25 - 2013-08-18 16:32 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-30 01:55 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-30 01:55 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 14:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-21 18:19 - 2014-10-09 20:54 - 00000000 ____D () C:\ProgramData\Oracle

Files to move or delete:
====================
C:\ProgramData\Lenovo-404.vbs
C:\ProgramData\Lenovo-459.vbs


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 13:46




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows8_OS) (Fixed) (Total:883.84 GB) (Free:510.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.06 GB) NTFS

Available physical RAM: 13155.73 MB
Total physical RAM: 16178.27 MB
Percentage of memory in use: 18%

==================== MBR and Partition Table ==================

Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Disk: 0 (Size: 22.4 GB) (Disk ID: FB16C211)
Disk: 1 (Size: 931.5 GB) (Disk ID: FB16C210)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Petr\SkyDrive:ms-properties

==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Petr\Desktop" je 20766 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
FRST log:


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 14:01
od Pepathepig
Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Petr at 2014-11-15 13:59:56
Running from C:\Users\Petr\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.09) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Aktualizace NVIDIA 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
Assassin's Creed Revelations 1.02 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.02 - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dawngate (HKLM-x32\...\{1330926C-251C-414E-A681-F8CEF84899BC}) (Version: 182.23.92.0 - Electronic Arts, Inc.)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dead Space (HKLM-x32\...\{6E6F22D7-8AD6-4A87-9A47-733E6E996F50}) (Version: 1.0.0.222 - Electronic Arts)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version: - 800 North and Digital Ranch)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve )
Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version: - )
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
FIFA 11 (HKLM-x32\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Garry)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version: - SimBin)
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10223 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Ovládací panel NVIDIA 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
Password and PIN generator (HKU\S-1-5-21-733613913-2694496044-2789402938-1002\...\3169a5c80912caf8) (Version: 1.0.0.4 - Password and PIN generator)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Python 3.3.2 (64-bit) (HKLM\...\{9fa9a2a6-19e4-381a-8af3-f8cf12f0dcf0}) (Version: 3.3.2150 - Python Software Foundation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin)
RaceRoom Racing Experience (HKLM-x32\...\Steam App 211500) (Version: - SimBin Studios AB)
Really Big Sky (HKLM-x32\...\Steam App 201570) (Version: - Boss Baddie)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
RIDGE RACER™ Driftopia (HKLM-x32\...\Steam App 226410) (Version: - BUGBEAR)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
ROCCAT Isku Keyboard Driver (HKLM-x32\...\{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}) (Version: - Roccat GmbH)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version: - Roccat GmbH)
ROCCAT Pyra Mouse Driver (HKLM-x32\...\{918F769E-02E8-44EC-8373-4888B23B2492}) (Version: - Roccat GmbH)
ROCCAT Talk Driver (HKLM-x32\...\{0B2044E4-B4A7-4413-ABB1-99E04C7DF405}) (Version: - Roccat GmbH)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.171.34768 - SteelSeries)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.1.0 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-733613913-2694496044-2789402938-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll No File

==================== Restore Points =========================

11-11-2014 19:22:23 Removed XSplit Broadcaster
15-11-2014 11:28:53 Removed Vegas Pro 13.0 (64-bit)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-11-15 13:34 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {27E7430A-BE32-442A-B230-BBEB2A717DF0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-08] (Synaptics Incorporated)
Task: {57B41498-99CC-46C6-837E-3DF8D942A461} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {72D9B3E8-AAED-4167-9168-9A8E73D18A81} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {7E51D36C-4B86-40A6-9D8F-0AA719CF530A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-21] (Google Inc.)
Task: {8BACF5BD-06EC-4DFD-A795-13A15986C742} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {8FD7E758-DAF9-4EBB-9F1B-7507D0BD1482} - System32\Tasks\Lenovo\Lenovo-404 => C:\ProgramData\Lenovo-404.vbs [2013-05-29] ()
Task: {92FA0687-C39B-47DB-90EB-FDEED9D976D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {B96E126B-67BD-4190-9E73-E6151A7FF53D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {BE16662E-5438-497F-A325-54B5697C115E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C846E2DE-9E8E-4CE6-A7B7-D58CA08D2C1C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {D990C611-C500-4AE3-9612-51B8743FFC7E} - System32\Tasks\Lenovo\Lenovo-459 => C:\ProgramData\Lenovo-459.vbs [2013-05-29] ()
Task: {DD2769F5-504B-4F47-80C8-AF844BE82532} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Petr-gaming-Petr Petr-gaming => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-11-12 15:49 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-15 11:05 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-05-29 21:41 - 2013-03-14 10:46 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2013-11-05 18:19 - 2013-11-05 18:19 - 00708096 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00175104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-11-15 13:49 - 2014-11-15 13:49 - 00089915 _____ () C:\Users\Petr\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00280064 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00139776 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00148480 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00145408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2013-01-10 06:46 - 2013-01-10 06:46 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 09562112 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2013-01-10 06:46 - 2013-01-10 06:46 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00209408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00349696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00173056 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00307200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00154624 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00169472 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00157184 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2013-11-05 18:19 - 2013-11-05 18:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2013-07-08 18:06 - 2010-11-04 10:48 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Isku Keyboard\hiddriver.dll
2014-03-07 17:11 - 2009-10-31 07:13 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Pyra Mouse\hiddriver.dll
2014-03-25 18:02 - 2012-06-17 11:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2013-05-29 21:27 - 2013-03-12 21:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Petr\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "Sony PC Companion"

========================= Accounts: ==========================

Administrator (S-1-5-21-733613913-2694496044-2789402938-500 - Administrator - Disabled)
Guest (S-1-5-21-733613913-2694496044-2789402938-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733613913-2694496044-2789402938-1008 - Limited - Enabled)
Petr (S-1-5-21-733613913-2694496044-2789402938-1002 - Administrator - Enabled) => C:\Users\Petr
Táta (S-1-5-21-733613913-2694496044-2789402938-1009 - Limited - Enabled) => C:\Users\Táta

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2014 01:46:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1 se nezdařilo. Chyba v souboru manifestu nebo zásady UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 na řádku UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/15/2014 00:35:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2 na řádku C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (11/15/2014 00:35:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2 na řádku C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (11/15/2014 11:22:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program backgroundTaskHost.exe verze 6.3.9600.16384 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 30e0

Čas spuštění: 01d000bd5c21414f

Čas ukončení: 4294967295

Cesta k aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe

ID hlášení: 4fcc45fe-6cb1-11e4-bf06-606c6661cf96

Úplný název chybujícího balíčku: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

ID aplikace související s chybujícím balíčkem: App

Error: (11/15/2014 11:21:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2 na řádku C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (11/15/2014 11:21:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1 se nezdařilo. Chyba v souboru manifestu nebo zásady UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 na řádku UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/15/2014 11:13:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1 se nezdařilo. Chyba v souboru manifestu nebo zásad C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2 na řádku C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Součást 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Error: (11/15/2014 11:13:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1 se nezdařilo. Chyba v souboru manifestu nebo zásady UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 na řádku UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/15/2014 09:53:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program backgroundTaskHost.exe verze 6.3.9600.16384 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1c68

Čas spuštění: 01d000b0fbd80969

Čas ukončení: 4294967295

Cesta k aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe

ID hlášení: efa1ebf2-6ca4-11e4-bf06-606c6661cf96

Úplný název chybujícího balíčku: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

ID aplikace související s chybujícím balíčkem: App

Error: (11/14/2014 08:27:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program backgroundTaskHost.exe verze 6.3.9600.16384 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 4a9c

Čas spuštění: 01d0004040c77868

Čas ukončení: 4294967295

Cesta k aplikaci: C:\WINDOWS\system32\backgroundTaskHost.exe

ID hlášení: 35752e44-6c34-11e4-bf06-606c6661cf96

Úplný název chybujícího balíčku: C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhj

ID aplikace související s chybujícím balíčkem: App


System errors:
=============
Error: (11/15/2014 01:47:54 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.2.109192.168.137.0255.255.255.0

Error: (11/15/2014 01:47:54 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (11/15/2014 01:47:54 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (11/15/2014 01:47:54 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (11/15/2014 01:40:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/15/2014 01:40:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/15/2014 01:40:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/15/2014 01:40:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/15/2014 01:40:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/15/2014 01:29:14 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.2.109192.168.137.0255.255.255.0


Microsoft Office Sessions:
=========================
Error: (11/15/2014 01:46:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (11/15/2014 00:35:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe

Error: (11/15/2014 00:35:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe

Error: (11/15/2014 11:22:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1638430e001d000bd5c21414f4294967295C:\WINDOWS\system32\backgroundTaskHost.exe4fcc45fe-6cb1-11e4-bf06-606c6661cf96C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (11/15/2014 11:21:11 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe

Error: (11/15/2014 11:21:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (11/15/2014 11:13:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe

Error: (11/15/2014 11:13:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (11/15/2014 09:53:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163841c6801d000b0fbd809694294967295C:\WINDOWS\system32\backgroundTaskHost.exeefa1ebf2-6ca4-11e4-bf06-606c6661cf96C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp

Error: (11/14/2014 08:27:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.163844a9c01d0004040c778684294967295C:\WINDOWS\system32\backgroundTaskHost.exe35752e44-6c34-11e4-bf06-606c6661cf96C59AD0AF.LenovoCloudStorageBySugarSync_1.3.0.889_neutral__m3tnjedffpfhjApp


CodeIntegrity Errors:
===================================
Date: 2014-11-14 18:26:11.132
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-13 16:14:22.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-13 16:03:17.128
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-13 15:52:05.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-13 15:48:50.433
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-12 19:08:30.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-12 18:46:22.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-12 18:35:45.405
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-12 18:24:24.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-12 18:19:00.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16178.27 MB
Available physical RAM: 13155.73 MB
Total Pagefile: 18610.27 MB
Available Pagefile: 15489.63 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.84 GB) (Free:510.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: FB16C211)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: FB16C210)

Partition: GPT Partition Type.

==================== End Of Log ============================

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 14:11
od altrok
:arrow: Velikost plochy by nemela presahovat 200 MB. Snizuje se pak start i samotny beh OS.

:arrow: Po aplikovani fixlistu sledujte stav PC.
  • Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
  • ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
  • znovu spustte FRST a kliknete na Fix
  • po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

    Kód: Vybrat vše

    Start
CloseProcesses:
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-733613913-2694496044-2789402938-1002\...\MountPoints2: {e1ab55ea-6ae5-11e3-bec0-606c6661cf96} - "E:\Autorun.exe" 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {DC765A5F-8B90-478A-8F2A-01DE14449712} URL =
SearchScopes: HKLM-x32 - DefaultScope {DC765A5F-8B90-478A-8F2A-01DE14449712} URL =
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR Extension: (Beatlab) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2013-08-21]
2014-11-15 13:41 - 2014-11-15 13:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-15 13:34 - 2014-11-15 13:48 - 00007823 _____ () C:\zoek-results.log
2014-11-15 13:33 - 2014-11-15 13:40 - 00000000 ____D () C:\zoek_backup
2014-11-15 13:33 - 2014-11-15 13:33 - 01294848 _____ () C:\Users\Petr\Desktop\zoek.exe
2014-11-15 13:25 - 2014-11-15 13:25 - 04265850 _____ () C:\Users\Petr\Desktop\zoek.rar
2014-11-15 12:49 - 2014-11-15 12:50 - 00000000 ____D () C:\Program Files\trend micro
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
Hosts:
EmptyTemp:
End

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 14:16
od Pepathepig
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
Ran by Petr at 2014-11-15 14:14:58 Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available profiles: Petr & Táta)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-733613913-2694496044-2789402938-1002\...\MountPoints2: {e1ab55ea-6ae5-11e3-bec0-606c6661cf96} - "E:\Autorun.exe"
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {DC765A5F-8B90-478A-8F2A-01DE14449712} URL =
SearchScopes: HKLM-x32 - DefaultScope {DC765A5F-8B90-478A-8F2A-01DE14449712} URL =
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR Extension: (Beatlab) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2013-08-21]
2014-11-15 13:41 - 2014-11-15 13:33 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-15 13:34 - 2014-11-15 13:48 - 00007823 _____ () C:\zoek-results.log
2014-11-15 13:33 - 2014-11-15 13:40 - 00000000 ____D () C:\zoek_backup
2014-11-15 13:33 - 2014-11-15 13:33 - 01294848 _____ () C:\Users\Petr\Desktop\zoek.exe
2014-11-15 13:25 - 2014-11-15 13:25 - 04265850 _____ () C:\Users\Petr\Desktop\zoek.rar
2014-11-15 12:49 - 2014-11-15 12:50 - 00000000 ____D () C:\Program Files\trend micro
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nvtmru => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GShortCut => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKU\S-1-5-21-733613913-2694496044-2789402938-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ab55ea-6ae5-11e3-bec0-606c6661cf96}" => Key deleted successfully.
"HKCR\CLSID\{e1ab55ea-6ae5-11e3-bec0-606c6661cf96}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
"HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.3.1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value deleted successfully.
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Petr\Desktop\zoek.exe => Moved successfully.
C:\Users\Petr\Desktop\zoek.rar => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\system32\Drivers\btmhsf.sys => ":Microsoft_Appcompat_ReinstallUpgrade" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 292.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 14:21
od altrok
:arrow: Sledujte stav PC a dejte vedet, zda problemy pretrvavaji.

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 14:23
od Pepathepig
Děkuji za pomoc, kdyžtak se ještě ozvu. Problémy byly hlavně o večerech a brzo ráno, zkusím to tedy zkontrolovat.

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 14:26
od altrok
  • Ulozte na plochu OTM - http://oldtimer.geekstogo.com/OTM.exe
  • ukoncete vsechny programy
  • kliknete pravym na ikonu OTM.exe a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
  • obsah bileho pole zkopirujte do leveho okna OTM a kliknete na MoveIt!
  • po restartu vlozte log, ktery bude v C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log

Kód: Vybrat vše

:commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[EmptyJava]
[ResetHosts]
[CreateRestorePoint]

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 17:03
od Pepathepig
Log:


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Guest

User: HomeGroupUser$

User: Petr
->Temp folder emptied: 1307288 bytes
->Temporary Internet Files folder emptied: 241829708 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 8970918 bytes
->Flash cache emptied: 497 bytes

User: Public

User: Táta
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1215404 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 242,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Default.migrated

User: Guest

User: HomeGroupUser$

User: Petr
->Flash cache emptied: 0 bytes

User: Public

User: Táta
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Default.migrated

User: Guest

User: HomeGroupUser$

User: Petr
->Java cache emptied: 0 bytes

User: Public

User: Táta

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EBF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8AB6.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9EBC.tmp folder moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\tmp3D53.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\tmp3E10.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\tmpD180.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\tmpD191.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\0000\tmp3D53.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\0000\tmpD180.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\0005\tmp3D53.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\0005\tmpD180.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\0009\tmp3D53.tmp moved successfully.
C:\WINDOWS\Inf\Intel Storage Counters\0009\tmpD180.tmp moved successfully.
C:\WINDOWS\Installer\MSI4317.tmp- folder moved successfully.
C:\WINDOWS\Installer\MSIF090.tmp- folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!

OTM by OldTimer - Version 3.1.21.0 log created on 11152014_165833

Files moved on Reboot...
C:\Users\Petr\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_e330f25ac01818f1_0_0.bin moved successfully.
C:\Users\Petr\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_e330f25ac01818f1_0_0.toc moved successfully.
C:\Users\Petr\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_e330f25ac01818f1_1_0.bin moved successfully.
C:\Users\Petr\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_e330f25ac01818f1_1_0.toc moved successfully.
C:\Users\Petr\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_e330f25ac01818f1_2_0.bin moved successfully.
C:\Users\Petr\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_e330f25ac01818f1_2_0.toc moved successfully.
C:\Users\Petr\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll moved successfully.
C:\Users\Petr\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\WINDOWS\temp\NVIDIA Corporation\NV_Cache\6d1026b4fa6d4c49d77d65f8805a9c0_fce8395f8fd8a848_6229ccd76215aea1_0_1.bin moved successfully.
File C:\WINDOWS\temp\officeclicktorun.exe_c2ruidll(20141115141549700).log not found!
File C:\WINDOWS\temp\officeclicktorun.exe_streamserver(20141115141549700).log not found!
C:\WINDOWS\temp\PETR-GAMING-20141115-1415.log moved successfully.

Registry entries deleted on Reboot...

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 20:44
od Pepathepig
Tak už to zase začalo. Ve hrách (Counter-Strike global offensive) mám spiky, kdy mi ping vylítává až na 500ms. Takovéto stavy trvají cca 15 sec a opakují se každou minutu. Když změřím rychlost na speedtestu, dostávám jen lehce snížené hodnoty (Download: z 40 na 25 Mb/s Upload z 30 - 40 Mb/s na 15 Mb/s) a ping relativně normální (max 40). Jen jednou, když mi ping ve hře vyskočil až na 800 mi speedtest vyhodil hodnoty viz příloha. Download začal na cca 0,50 mb/s a po cca 2 sec se "vzpamatoval". Připadá mi to, jako by něco/někdo využíval moje připojení a stahoval věci.

Re: Zpomalení internetu (střídavé) podezření na trojana.

Napsal: 15 lis 2014 21:56
od altrok
:arrow: Kdyz zacnou spiky, zkontrolujte, ktery proces pocitac (procesor i RAM) vytezuje nejvic.

:arrow: Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=137928
  • Upozorneni: tento sken zabere od 30 minut po nekolik hodin
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz