Suspected trojan

Posted: 16 Nov 2014 14:57
by curepiddy
Hello,

could someone please take a look at my friend's log? ESET (legal) keeps showing her warnings about the presence of a trojan and cannot remove it on its own (nor could the other programs she tried). Her system is legal. Thank you. Here is her log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by NT Acer at 2014-11-16 14:53:37
Microsoft Windows 8.1
System drive C: has 370 GB (81%) free of 457 GB
Total RAM: 3911 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:53:41, on 16. 11. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\SRNMIC~1\SOLOSENT.EXE
C:\SRNMIC~1\SOLOCFG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\NT Acer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9868DCD-087E-41F5-86BE-22CA40150ACE}: NameServer = 204.27.56.122,204.27.56.123,10.0.0.138
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe
O23 - Service: ExpressCache - Condusiv Technologies - C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Sleep memory optimizer (FFSOpzSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Acer Theft Shield Service (USecuAppSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10225 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
dashost.exe {9b97e231-bdf3-4f91-8ff73d6aaadf87c7}
"C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe"
"C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe"
"C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\Windows\RfBtnSvc64.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe"
"C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"c:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskeng.exe {A9538BBC-B6F3-4BEA-9655-C2DEDF8C0B23}

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window --enable-setforeground-window --enable-kbhook-window
C:\WINDOWS\Explorer.EXE
taskhostex.exe
"C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesApp64.exe" /TUStart /pid:2872
"C:\Program Files (x86)\Launch Manager\LManager.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\WINDOWS\system32\igfxext.exe" -Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe"
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Elantech\ETDTouch.exe"
"C:\Program Files\Elantech\ETDCtrlHelper.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\WINDOWS\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe"
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\RadioController\RfBtnHelper.exe" HigherRFButtonHelper
"C:\Dolby PCEE4\pcee4.exe" -autostart
"C:\Program Files\Acer\Acer Power Management\ePowerTray.exe"
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe"
"C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe"
"C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe" -ServerName:Microsoft.Reader.AppXtszmc7avrx02s7n8gch63tzwg517wd9k.mca
"C:\SRNMIC~1\SOLOSENT.EXE"
"C:\SRNMIC~1\SOLOCFG.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3668.0.1061680946\2046955781" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,16 --gpu-vendor-id=0x8086 --gpu-device-id=0x0166 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3412 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPExperimentsControlR2/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/65536/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --channel="3668.2.772276661\891329561" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPExperimentsControlR2/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/65536/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --channel="3668.6.2125908505\193040232" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3668.7.1696259839\829791281" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPExperimentsControlR2/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/65536/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --channel="3668.9.1760951936\2005564000" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPExperimentsControlR2/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/65536/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --channel="3668.19.782062830\109387644" /prefetch:673131151
C:\WINDOWS\splwow64.exe 8192
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPExperimentsControlR2/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/65536/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --channel="3668.24.691345065\1285539120" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/control/EmbeddedSearch/Group1 dev:pp5 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Bootstrap/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/DevHQPExperimentsControlR2/PasswordGeneration/Disabled/Prerender/PrerenderMulti/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/cd=3:LocalPredictor=Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SafeBrowsingIncidentReportingService/Default/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_11/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/WebRTC-ApplicationUDPSendSocketSize/65536/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --channel="3668.44.2069402210\1187008110" /prefetch:673131151
"C:\Program Files\OSHI\Defender\oshidfui.exe"
taskhost.exe
"C:\Program Files\OSHI\Defender\oshidfui.exe" /scan 09073764-9BA8-4A36-9913-CCCEDC3D3C70 345E9B95-7F53-4FC6-BC01-4D1136176575

"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe50_ Global\UsGthrCtrlFltPipeMssGthrPipe50 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 576 580 588 65536 584
"C:\Users\NT Acer\Downloads\RSITx64 (1).exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-10-14 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-01-25 66688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-10-14 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"=C:\Program Files\Elantech\ETDCtrl.exe [2013-03-05 2876816]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2014-01-25 391128]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2014-01-25 771544]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2014-01-25 770520]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-01-29 13267016]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-01-18 1276488]
"egui"=C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [2012-07-04 4133072]
"OSHI Defender"=C:\Program Files\OSHI\Defender\oshidfui.exe [2014-04-09 5406704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-01-25 131712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [2012-10-18 752736]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2014-03-18 457728]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"RadioController"=C:\Program Files (x86)\RadioController\RfBtnHelper.exe [2013-11-26 111216]
"TrojanScanner"=C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2014-05-22 1666432]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2013-01-25 131712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2014-01-25 624640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-16 14:17:07 ----D---- C:\rsit
2014-11-16 14:17:07 ----D---- C:\Program Files\trend micro
2014-11-16 11:32:03 ----D---- C:\Program Files\OSHI
2014-11-16 11:31:06 ----SHD---- C:\Config.Msi
2014-11-16 11:02:20 ----A---- C:\WINDOWS\SYSWOW64\drivers\Partizan.sys
2014-11-16 11:02:19 ----RASHOT---- C:\WINDOWS\winstart.bat
2014-11-16 11:02:16 ----A---- C:\WINDOWS\SYSWOW64\drivers\UnHackMeDrv.sys
2014-11-16 11:02:12 ----D---- C:\Program Files (x86)\UnHackMe
2014-11-15 12:51:09 ----A---- C:\AUTOEXEC.BAT
2014-11-15 12:50:34 ----D---- C:\SRN Micro
2014-11-15 12:29:12 ----D---- C:\ProgramData\OSHI
2014-11-15 11:21:18 ----D---- C:\ProgramData\Licenses
2014-11-15 11:20:44 ----D---- C:\ProgramData\Simply Super Software
2014-11-15 11:20:44 ----D---- C:\Program Files (x86)\Trojan Remover
2014-11-14 16:35:48 ----D---- C:\Program Files (x86)\DeltaFix
2014-11-14 16:35:01 ----D---- C:\Program Files (x86)\YoutubeAdBlocke
2014-11-14 16:34:33 ----D---- C:\Program Files (x86)\GoSave
2014-11-14 16:34:22 ----D---- C:\ProgramData\8946204686517272714
2014-11-14 16:34:11 ----D---- C:\ProgramData\dfbgapojjdhboflcldlnakjlknkdbdbi
2014-11-12 07:49:54 ----A---- C:\WINDOWS\system32\schannel.dll
2014-11-12 07:49:53 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2014-11-12 07:49:53 ----A---- C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 07:49:52 ----A---- C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 07:49:51 ----A---- C:\WINDOWS\SYSWOW64\ncryptsslp.dll
2014-11-12 07:49:16 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 07:49:15 ----A---- C:\WINDOWS\system32\lsasrv.dll
2014-11-12 07:49:14 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2014-11-12 07:49:14 ----A---- C:\WINDOWS\system32\certcli.dll
2014-11-12 07:49:13 ----A---- C:\WINDOWS\system32\drivers\ksecpkg.sys
2014-11-12 07:49:13 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2014-11-12 07:49:12 ----A---- C:\WINDOWS\SYSWOW64\adtschema.dll
2014-11-12 07:49:12 ----A---- C:\WINDOWS\system32\adtschema.dll
2014-11-12 07:49:11 ----A---- C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 07:49:11 ----A---- C:\WINDOWS\system32\drivers\rdpvideominiport.sys
2014-11-12 07:49:08 ----A---- C:\WINDOWS\SYSWOW64\msaudite.dll
2014-11-12 07:49:08 ----A---- C:\WINDOWS\system32\msaudite.dll
2014-11-12 07:49:07 ----A---- C:\WINDOWS\system32\rdpudd.dll
2014-11-12 07:47:23 ----A---- C:\WINDOWS\system32\oleaut32.dll
2014-11-12 07:47:22 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2014-11-12 07:47:19 ----A---- C:\WINDOWS\SYSWOW64\msi.dll
2014-11-12 07:47:18 ----A---- C:\WINDOWS\system32\msi.dll
2014-11-12 07:47:18 ----A---- C:\WINDOWS\system32\authui.dll
2014-11-12 07:47:17 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2014-11-12 07:47:17 ----A---- C:\WINDOWS\system32\msihnd.dll
2014-11-12 07:47:16 ----A---- C:\WINDOWS\SYSWOW64\msihnd.dll
2014-11-12 07:47:16 ----A---- C:\WINDOWS\system32\consent.exe
2014-11-12 07:47:16 ----A---- C:\WINDOWS\system32\appinfo.dll
2014-11-12 07:47:03 ----A---- C:\WINDOWS\system32\wuaueng.dll
2014-11-12 07:47:02 ----A---- C:\WINDOWS\system32\wuapi.dll
2014-11-12 07:47:01 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2014-11-12 07:47:00 ----A---- C:\WINDOWS\system32\wucltux.dll
2014-11-12 07:46:59 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2014-11-12 07:46:59 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 07:46:58 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2014-11-12 07:46:58 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2014-11-12 07:46:58 ----A---- C:\WINDOWS\system32\wuwebv.dll
2014-11-12 07:46:58 ----A---- C:\WINDOWS\system32\wups.dll
2014-11-12 07:46:58 ----A---- C:\WINDOWS\system32\wudriver.dll
2014-11-12 07:46:58 ----A---- C:\WINDOWS\system32\wuauclt.exe
2014-11-12 07:46:57 ----A---- C:\WINDOWS\SYSWOW64\wups.dll
2014-11-12 07:46:57 ----A---- C:\WINDOWS\system32\wups2.dll
2014-11-12 07:46:57 ----A---- C:\WINDOWS\system32\wuapp.exe
2014-11-12 07:46:57 ----A---- C:\WINDOWS\system32\wuaext.dll
2014-11-12 07:45:44 ----A---- C:\WINDOWS\system32\user32.dll
2014-11-12 07:45:42 ----A---- C:\WINDOWS\SYSWOW64\user32.dll
2014-11-12 07:45:42 ----A---- C:\WINDOWS\system32\drivers\WdFilter.sys
2014-11-12 07:45:41 ----A---- C:\WINDOWS\system32\drivers\WdNisDrv.sys
2014-11-12 07:45:40 ----A---- C:\WINDOWS\system32\drivers\WdBoot.sys
2014-11-12 07:45:37 ----A---- C:\WINDOWS\SYSWOW64\winshfhc.dll
2014-11-12 07:45:37 ----A---- C:\WINDOWS\system32\winshfhc.dll
2014-11-12 07:44:40 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-11-12 07:44:33 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-11-12 07:44:02 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-11-12 07:43:56 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-11-12 07:43:51 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-11-12 07:43:49 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-11-12 07:43:47 ----A---- C:\WINDOWS\system32\wininet.dll
2014-11-12 07:43:46 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-11-12 07:43:46 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-11-12 07:43:46 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-11-12 07:43:46 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-11-12 07:43:45 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2014-11-12 07:43:45 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-11-12 07:43:45 ----A---- C:\WINDOWS\system32\inetcomm.dll
2014-11-12 07:43:45 ----A---- C:\WINDOWS\system32\actxprxy.dll
2014-11-12 07:43:44 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2014-11-12 07:43:44 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 07:43:44 ----A---- C:\WINDOWS\system32\jscript.dll
2014-11-12 07:43:44 ----A---- C:\WINDOWS\system32\ieui.dll
2014-11-12 07:43:43 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-11-12 07:43:43 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-11-12 07:43:43 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2014-11-12 07:43:43 ----A---- C:\WINDOWS\SYSWOW64\ieui.dll
2014-11-12 07:43:43 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-11-12 07:43:43 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-11-12 07:43:42 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-11-12 07:43:42 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-11-12 07:43:42 ----A---- C:\WINDOWS\SYSWOW64\dxtmsft.dll
2014-11-12 07:43:42 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 07:43:42 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-11-12 07:43:42 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 07:43:41 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2014-11-12 07:43:41 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-11-12 07:43:41 ----A---- C:\WINDOWS\system32\webcheck.dll
2014-11-12 07:43:41 ----A---- C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\SYSWOW64\msrating.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\SYSWOW64\inseng.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\SYSWOW64\ieUnatt.exe
2014-11-12 07:43:40 ----A---- C:\WINDOWS\SYSWOW64\iesysprep.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\SYSWOW64\hlink.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\SYSWOW64\actxprxy.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\system32\msrating.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 07:43:40 ----A---- C:\WINDOWS\system32\iesysprep.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 07:43:40 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 07:43:40 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 07:43:40 ----A---- C:\WINDOWS\system32\hlink.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\wextract.exe
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\url.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\pngfilt.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\occache.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\mshta.exe
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\msfeedssync.exe
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\msfeedsbs.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\licmgr10.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\jsproxy.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\imgutil.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\iexpress.exe
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\iesetup.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\iernonce.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\ieetwproxystub.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\SYSWOW64\IEAdvpack.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\wextract.exe
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\url.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\occache.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\mshta.exe
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\licmgr10.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\jsproxy.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\inseng.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\imgutil.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\iexpress.exe
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\iesetup.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\iernonce.dll
2014-11-12 07:43:39 ----A---- C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 07:42:10 ----A---- C:\WINDOWS\SYSWOW64\packager.dll
2014-11-12 07:42:10 ----A---- C:\WINDOWS\SYSWOW64\msxml3.dll
2014-11-12 07:42:10 ----A---- C:\WINDOWS\system32\packager.dll
2014-11-12 07:42:10 ----A---- C:\WINDOWS\system32\msxml3.dll
2014-11-12 07:42:09 ----A---- C:\WINDOWS\system32\win32k.sys
2014-11-12 07:42:04 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2014-11-12 07:42:04 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2014-11-12 07:42:04 ----A---- C:\WINDOWS\system32\audiosrv.dll
2014-11-12 07:42:04 ----A---- C:\WINDOWS\system32\AudioSes.dll
2014-11-12 07:42:04 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 07:42:04 ----A---- C:\WINDOWS\system32\audiodg.exe
2014-11-12 07:42:03 ----A---- C:\WINDOWS\SYSWOW64\AudioEng.dll
2014-11-12 07:42:03 ----A---- C:\WINDOWS\system32\EncDump.dll
2014-11-12 07:42:03 ----A---- C:\WINDOWS\system32\AudioEng.dll
2014-11-12 07:42:03 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 07:41:58 ----A---- C:\WINDOWS\system32\shell32.dll
2014-11-12 07:41:56 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 07:41:55 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2014-11-12 07:41:54 ----A---- C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 07:41:53 ----A---- C:\WINDOWS\system32\twinui.dll
2014-11-12 07:41:52 ----A---- C:\WINDOWS\system32\localspl.dll
2014-11-12 07:41:52 ----A---- C:\WINDOWS\system32\drivers\tcpip.sys
2014-11-12 07:41:51 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2014-11-12 07:41:51 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 07:41:51 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 07:41:50 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2014-11-12 07:41:50 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2014-11-12 07:41:50 ----A---- C:\WINDOWS\system32\win32spl.dll
2014-11-12 07:41:49 ----A---- C:\WINDOWS\SYSWOW64\WsmSvc.dll
2014-11-12 07:41:49 ----A---- C:\WINDOWS\SYSWOW64\puiobj.dll
2014-11-12 07:41:49 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 07:41:49 ----A---- C:\WINDOWS\system32\puiobj.dll
2014-11-12 07:41:49 ----A---- C:\WINDOWS\system32\drivers\netio.sys
2014-11-12 07:41:48 ----AC---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2014-11-12 07:41:48 ----A---- C:\WINDOWS\SYSWOW64\untfs.dll
2014-11-12 07:41:48 ----A---- C:\WINDOWS\system32\untfs.dll
2014-11-12 07:41:48 ----A---- C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 07:41:48 ----A---- C:\WINDOWS\system32\drivers\FWPKCLNT.SYS
2014-11-12 07:41:47 ----A---- C:\WINDOWS\SYSWOW64\FXSAPI.dll
2014-11-12 07:41:47 ----A---- C:\WINDOWS\system32\FXSAPI.dll

======List of files/folders modified in the last 1 month======

2014-11-16 14:53:30 ----D---- C:\WINDOWS\Temp
2014-11-16 14:25:07 ----D---- C:\WINDOWS\Prefetch
2014-11-16 14:17:07 ----RD---- C:\Program Files
2014-11-16 14:00:00 ----D---- C:\WINDOWS\system32\sru
2014-11-16 13:09:14 ----D---- C:\WINDOWS\Microsoft.NET
2014-11-16 12:35:49 ----RD---- C:\WINDOWS\System32
2014-11-16 12:35:49 ----D---- C:\WINDOWS\Inf
2014-11-16 12:35:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-16 11:32:04 ----SHD---- C:\WINDOWS\Installer
2014-11-16 11:32:04 ----D---- C:\WINDOWS\system32\Tasks
2014-11-16 11:08:32 ----AD---- C:\ProgramData\Temp
2014-11-16 11:02:20 ----D---- C:\WINDOWS\SYSWOW64\drivers
2014-11-16 11:02:19 ----D---- C:\WINDOWS\SysWOW64
2014-11-16 11:02:19 ----D---- C:\Windows
2014-11-16 11:02:12 ----RD---- C:\Program Files (x86)
2014-11-15 14:06:13 ----D---- C:\WINDOWS\debug
2014-11-15 13:57:52 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2014-11-15 13:19:55 ----RD---- C:\WINDOWS\assembly
2014-11-15 12:29:12 ----HD---- C:\ProgramData
2014-11-15 12:28:54 ----SHD---- C:\System Volume Information
2014-11-15 11:24:49 ----SD---- C:\Users\NT Acer\AppData\Roaming\Microsoft
2014-11-15 11:24:49 ----SD---- C:\ProgramData\Microsoft
2014-11-15 09:52:20 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-11-15 09:51:34 ----D---- C:\Program Files\Microsoft Office 15
2014-11-14 19:50:13 ----D---- C:\WINDOWS\AppReadiness
2014-11-13 18:50:56 ----HD---- C:\Program Files\WindowsApps
2014-11-13 06:19:53 ----D---- C:\WINDOWS\system32\config
2014-11-13 06:18:46 ----D---- C:\WINDOWS\rescache
2014-11-13 06:05:55 ----D---- C:\WINDOWS\system32\DriverStore
2014-11-13 05:56:27 ----D---- C:\WINDOWS\Tasks
2014-11-12 19:33:53 ----D---- C:\WINDOWS\WinSxS
2014-11-12 09:35:09 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2014-11-12 09:35:09 ----D---- C:\WINDOWS\system32\drivers
2014-11-12 09:35:09 ----D---- C:\WINDOWS\system32\cs-CZ
2014-11-12 09:35:08 ----D---- C:\WINDOWS\SYSWOW64\migration
2014-11-12 09:35:08 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-12 09:35:07 ----RD---- C:\WINDOWS\ToastData
2014-11-12 09:35:07 ----D---- C:\WINDOWS\system32\migration
2014-11-12 09:35:07 ----D---- C:\Program Files\Internet Explorer
2014-11-12 09:35:06 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2014-11-12 09:35:06 ----D---- C:\WINDOWS\apppatch
2014-11-12 09:35:06 ----D---- C:\Program Files\Windows Defender
2014-11-12 09:35:06 ----D---- C:\Program Files (x86)\Windows Defender
2014-11-12 07:59:56 ----D---- C:\WINDOWS\CbsTemp
2014-11-12 07:59:44 ----D---- C:\WINDOWS\system32\wbem
2014-11-12 07:58:29 ----D---- C:\WINDOWS\system32\MRT
2014-11-12 07:56:22 ----A---- C:\WINDOWS\system32\MRT.exe
2014-11-12 07:40:55 ----D---- C:\WINDOWS\system32\catroot2
2014-10-30 01:55:02 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\WINDOWS\system32\DRIVERS\edevmon.sys [2012-07-10 179920]
R0 excsd;ExpressCache Storage Filter Driver; C:\WINDOWS\system32\DRIVERS\excsd.sys [2013-01-08 112552]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-09 645952]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2012-07-10 213416]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-03-29 152136]
R1 excfs;ExpressCache File System Filter Driver; C:\WINDOWS\system32\DRIVERS\excfs.sys [2013-01-08 26024]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 epfwwfpr;epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [2012-03-29 140752]
R3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\WINDOWS\system32\DRIVERS\athw8x.sys [2013-06-18 3680256]
R3 BTATH_HCRP;@oem4.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\WINDOWS\System32\drivers\btath_hcrp.sys [2013-01-25 179432]
R3 BTATH_RCP;@oem8.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\WINDOWS\System32\drivers\btath_rcp.sys [2013-01-25 136424]
R3 BtFilter;BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [2014-04-28 599240]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 ETD;@oem9.inf,%PS2.DeviceDesc%;ELAN PS/2 Port Input Device; C:\WINDOWS\system32\DRIVERS\ETD.sys [2013-03-05 356752]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-01-25 4221440]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2013-01-29 3311944]
R3 IntcDAud;@oem5.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 irstrtdv;@oem11.inf,%Irstrt.DispName%;Intel(R) Rapid Start Technology Driver; C:\WINDOWS\System32\drivers\irstrtdv.sys [2012-07-20 43800]
R3 iwdbus;@oem28.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\WINDOWS\System32\drivers\iwdbus.sys [2013-12-27 27032]
R3 MEIx64;@oem19.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 Ps2Kb2Hid;@oem7.inf,%Ps2Kb2Hid.SVCDESC%;PS/2 Keyboard to HID Driver; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [2013-11-26 26736]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2014-03-18 167424]
R3 RSUSBVSTOR;@oem2.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RtsUVStor.sys [2012-06-15 315536]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [2013-09-18 14112]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S0 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys []
S3 AthBTPort;@oem25.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\WINDOWS\system32\DRIVERS\btath_flt.sys [2013-01-25 89168]
S3 AX88772;@netax88772.inf,%AX88772.DeviceDesc%;Adaptér ASIX AX88772 USB2.0 to Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\ax88772.sys [2013-07-18 113864]
S3 BTATH_A2DP;@oem24.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\WINDOWS\system32\drivers\btath_a2dp.sys [2013-01-25 346192]
S3 btath_avdt;@oem24.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\WINDOWS\system32\drivers\btath_avdt.sys [2013-01-25 115280]
S3 BTATH_LWFLT;@oem13.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\WINDOWS\system32\DRIVERS\btath_lwflt.sys [2013-01-25 77464]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-07-24 1200640]
S3 dg_ssudbus;@oem16.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 intaud_WaveExtensible;@oem27.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\WINDOWS\system32\drivers\intelaud.sys [2013-12-27 38296]
S3 ssudmdm;@oem18.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2013-01-25 227456]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2013-02-27 2615368]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-10-30 2443960]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2013-01-16 350984]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [2012-07-04 999704]
R2 ExpressCache;ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [2013-01-08 107944]
R2 FFSOpzSvc;Sleep memory optimizer; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [2012-03-12 161384]
R2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-04-24 227904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 277824]
R2 NAUpdate;Nero Update; c:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-14 769432]
R2 RfButtonDriverService;Dritek RF Button Command Service; C:\Windows\RfBtnSvc64.exe [2013-11-26 96880]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe [2014-07-14 2253112]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\WINDOWS\System32\svchost.exe [2013-08-22 37768]
R3 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-03-16 662088]
S2 fc67e7a0;DeltaFix; C:\WINDOWS\syswow64\rundll32.exe [2013-08-22 49664]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11 116648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-01-25 279000]
S3 DeviceFastLaneService;Device Fast-lane Service; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2013-05-01 470056]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [2012-07-04 35720]
S3 ESHASRV;ESET SHA Service; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [2012-07-04 190208]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-08-13 203344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11 116648]
S3 irstrtsv;Intel(R) Rapid Start Technology Service; C:\Windows\SysWOW64\irstrtsv.exe [2012-07-19 193576]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-01 150600]
S3 USecuAppSvc;Acer Theft Shield Service; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [2012-11-12 345744]

-----------------EOF-----------------

Re: Suspected trojan

Posted: 16 Nov 2014 15:02
by altrok
Good day :bye:

:arrow: In which exact location is the trojan reported? Judging by the type of ESET licence, I assume this is a work PC?

Re: Suspected trojan

Posted: 16 Nov 2014 15:30
by curepiddy
The communication is going to be a bit more complicated now, I have to wait until she writes back to me, so I apologize in advance :) It's a laptop, Eset was already on it when she got it from her dad (probably originally a work laptop), but it is 100% legal, just like the system (no cracks, patches, activators, nothing in either case). The message from Eset says this:

Objekt: hxxp://i2.zipration.org/addons/agup.exe
infiltrace: Win32/TrojanDownloader.Agent.ACF trojský kůň

info: přerušeno spojení - uložen do karantény

Objekt: C:/Users/NTACER-1/AppData/Local/Temp/16c20/temp/BIT1B1B.tmp

Infiltrace: Win32/TrojanDownloader.Agent.ACF trojský kůň

Info: vyléčen smazáním - uložen do karantény

It keeps changing, though, e.g. "Trojan.Win32.Agent.Ctoq Infected file:ZPSFacebookUploader.exe"; in general something with the .ACF suffix keeps popping up for her (and Eset can't delete it, it only "moves" it to quarantine, which is obviously not very effective, because she says her internet is slow, etc.)

Re: Suspected trojan

Posted: 16 Nov 2014 15:36
by altrok
:arrow: Please do not post a live link to malware droppers next time, thank you.

:arrow: As part of the cleanup, your temporary directories will be emptied (including the Recycle Bin).

:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it with a double-click)
  • click Scan, then Clean
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply
:arrow: Save zoek.exe to your desktop http://hijackthis.nl/smeenk/zoek.htm
  • run it as administrator
  • copy the script given below into the large window
  • click Run script
  • after the restart a log will pop up (or you can find it in C:\zoek-results.log) - paste it into your next reply

    Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;

/e thanks to my colleague for deactivating this link

Re: Suspected trojan

Posted: 16 Nov 2014 16:05
by curepiddy
Sorry about the live link, it was copied exactly as Eset displayed it; who could have known that it would show up here as a live link after posting. I'm very sorry (I don't know how to remove it…). Here are the logs:
AdwCleaner:
# AdwCleaner v4.101 - Report created 16/11/2014 at 15:44:50
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : NT Acer - NT
# Running from : C:\Users\NT Acer\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Pokki
Folder Deleted : C:\ProgramData\8946204686517272714
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\DeltaFix
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\NT Acer\AppData\Local\Pokki
Folder Deleted : C:\Users\NT Acer\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\NT Acer\AppData\Roaming\OpenCandy

***** [ Scheduled Tasks ] *****

Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D602F9AF-6A3E-42BB-85C9-AA81BFD197A5}
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [7102 octets] - [16/11/2014 15:43:40]
AdwCleaner[S0].txt - [6745 octets] - [16/11/2014 15:44:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6805 octets] ##########

The second program:


Zoek.exe v5.0.0.0 Updated 16-November-2014
Tool run by NT Acer on ne 16. 11. 2014 at 15:50:55,32.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\NT Acer\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16. 11. 2014 15:53:29 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_USERS\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\dfbgapojjdhboflcldlnakjlknkdbdbi deleted
C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted
C:\PROGRA~2\GoSave deleted
C:\PROGRA~2\YoutubeAdBlocke deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\NT Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
"C:\Windows\Installer\56952.msi" deleted

==== Chromium Look ======================

Win by Browsing - NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc

==== Chromium Fix ======================

C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc deleted successfully
C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beapnbfmjmjhhfpaoajfhjbbfnnlfpnc_0.localstorage deleted successfully
C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_beapnbfmjmjhhfpaoajfhjbbfnnlfpnc_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer13.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{4FED11A9-C66E-4EAE-ADFD-206C9F7D968A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://acer13.msn.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
{4FED11A9-C66E-4EAE-ADFD-206C9F7D968A} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Internet Explorer\SearchScopes\{4FED11A9-C66E-4EAE-ADFD-206C9F7D968A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\NT Acer\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\NT Acer\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\NT Acer\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\NT Acer\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=967 folders=92 235300500 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\NT Acer\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\NTACER~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 16. 11. 2014 at 16:03:26,52 ======================

Re: Suspected trojan

Posted: 16 Nov 2014 16:08
by altrok
After every step you carry out, let me know whether the problem persists.

Post a new FRST.txt log and attach Addition.txt as well - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Re: Suspected trojan

Posted: 16 Nov 2014 16:30
by curepiddy
First log (FRST.txt)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 02
Ran by NT Acer (administrator) on NT on 16-11-2014 16:24:19
Running from C:\Users\NT Acer\Desktop
Loaded Profile: NT Acer (Available profiles: NT Acer)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(AVG) C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe
(AVG) C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesApp64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\NT Acer\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4133072 2012-07-04] (ESET)
HKLM\...\Run: [OSHI Defender] => C:\Program Files\OSHI\Defender\oshidfui.exe [5406704 2014-04-09] (Aveas Limited)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-11-26] (Dritek System Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1666432 2014-05-22] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [752736 2012-10-18] (ZONER software)
HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {4FED11A9-C66E-4EAE-ADFD-206C9F7D968A} URL =
SearchScopes: HKLM-x32 - DefaultScope {4FED11A9-C66E-4EAE-ADFD-206C9F7D968A} URL =
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C9868DCD-087E-41F5-86BE-22CA40150ACE}: [NameServer] 204.27.56.122,204.27.56.123,10.0.0.138

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2014-03-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-16]
CHR Extension: (Docs) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-16]
CHR Extension: (Disk Google) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (YouTube) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
CHR Extension: (Vyhledávání Google) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Tabulky Google) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-16]
CHR Extension: (Gmail) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [35720 2012-07-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [999704 2012-07-04] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2012-07-04] (ESET)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-11-26] (Dritek System INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 fc67e7a0; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-07-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [179920 2012-07-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [152136 2012-03-29] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [140752 2012-03-29] (ESET)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2014-11-16] (Greatis Software)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-11-26] (Dritek System Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 16:24 - 2014-11-16 16:24 - 00014696 _____ () C:\Users\NT Acer\Desktop\FRST.txt
2014-11-16 16:22 - 2014-11-16 16:24 - 00000000 ____D () C:\FRST
2014-11-16 16:17 - 2014-11-16 16:17 - 00112640 _____ (forum.viry.cz) C:\Users\NT Acer\Desktop\FRSTLauncher.exe
2014-11-16 16:16 - 2014-11-16 16:16 - 00112640 _____ (forum.viry.cz) C:\Users\NT Acer\Downloads\Nepotvrzeno 722942.crdownload
2014-11-16 16:14 - 2014-11-16 16:14 - 00112640 _____ (forum.viry.cz) C:\Users\NT Acer\Downloads\Nepotvrzeno 918337.crdownload
2014-11-16 16:12 - 2014-11-16 16:12 - 02117120 _____ (Farbar) C:\Users\NT Acer\Desktop\FRST64.exe
2014-11-16 16:03 - 2014-11-16 16:03 - 00007615 _____ () C:\Users\NT Acer\Desktop\zoek-results.txt
2014-11-16 16:01 - 2014-11-16 15:50 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-16 15:53 - 2014-11-16 16:03 - 00007615 _____ () C:\zoek-results.log
2014-11-16 15:50 - 2014-11-16 16:00 - 00000000 ____D () C:\zoek_backup
2014-11-16 15:49 - 2014-11-16 15:49 - 01294848 _____ () C:\Users\NT Acer\Downloads\zoek.exe
2014-11-16 15:47 - 2014-11-16 15:47 - 00006985 _____ () C:\Users\NT Acer\Desktop\AdwCleaner[S0].txt
2014-11-16 15:43 - 2014-11-16 15:44 - 00000000 ____D () C:\AdwCleaner
2014-11-16 15:38 - 2014-11-16 15:38 - 02140160 _____ () C:\Users\NT Acer\Downloads\adwcleaner_4.101.exe
2014-11-16 14:54 - 2014-11-16 14:54 - 00054358 _____ () C:\Users\NT Acer\Desktop\soubor corrected.txt
2014-11-16 14:53 - 2014-11-16 14:53 - 01222144 _____ () C:\Users\NT Acer\Downloads\RSITx64 (1).exe
2014-11-16 14:24 - 2014-11-16 14:24 - 00021263 _____ () C:\Users\NT Acer\Downloads\soubor.txt
2014-11-16 14:24 - 2014-11-16 14:24 - 00021263 _____ () C:\Users\NT Acer\Desktop\soubor.txt
2014-11-16 14:17 - 2014-11-16 14:53 - 00000000 ____D () C:\Program Files\trend micro
2014-11-16 14:17 - 2014-11-16 14:17 - 00000000 ____D () C:\rsit
2014-11-16 14:16 - 2014-11-16 14:16 - 01222144 _____ () C:\Users\NT Acer\Downloads\RSITx64.exe
2014-11-16 11:32 - 2014-11-16 11:32 - 00002006 _____ () C:\Users\Public\Desktop\OSHI Defender.lnk
2014-11-16 11:32 - 2014-11-16 11:32 - 00000000 ____D () C:\WINDOWS\System32\Tasks\OSHI
2014-11-16 11:32 - 2014-11-16 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSHI Defender
2014-11-16 11:32 - 2014-11-16 11:32 - 00000000 ____D () C:\Program Files\OSHI
2014-11-16 11:31 - 2014-11-16 11:31 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (3).exe
2014-11-16 11:30 - 2014-11-16 11:30 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (2).exe
2014-11-16 11:26 - 2014-11-16 11:26 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (1).exe
2014-11-16 11:24 - 2014-11-16 11:24 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller.exe
2014-11-16 11:03 - 2014-11-16 15:46 - 00000969 _____ () C:\Users\NT Acer\Desktop\Reanimator.lnk
2014-11-16 11:03 - 2014-11-16 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2014-11-16 11:02 - 2014-11-16 16:03 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-11-16 11:02 - 2014-11-16 15:46 - 00000002 RSHOT () C:\WINDOWS\winstart.bat
2014-11-16 11:02 - 2014-11-16 15:46 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\CONFIG.NT
2014-11-16 11:02 - 2014-11-16 15:46 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2014-11-16 11:02 - 2014-11-16 11:04 - 00000000 ____D () C:\Users\NT Acer\Documents\RegRun2
2014-11-16 11:02 - 2014-11-16 11:02 - 00035816 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2014-11-16 11:02 - 2014-11-16 11:02 - 00003316 _____ () C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2014-11-16 11:02 - 2014-11-16 11:02 - 00001023 _____ () C:\Users\NT Acer\Desktop\UnHackMe.lnk
2014-11-16 11:02 - 2014-11-16 11:02 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-11-16 11:02 - 2014-11-16 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-11-16 11:02 - 2014-06-30 16:45 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2014-11-16 11:01 - 2014-11-16 11:01 - 15790435 _____ () C:\Users\NT Acer\Downloads\unhackme.zip
2014-11-15 14:51 - 2014-11-15 14:53 - 47272611 _____ (spydig.com, Inc. ) C:\Users\NT Acer\Desktop\Spydig_Setup.exe
2014-11-15 12:51 - 2014-11-15 12:51 - 00000046 _____ () C:\AUTOEXEC.BAT
2014-11-15 12:50 - 2014-11-16 15:39 - 00000000 ____D () C:\SRN Micro
2014-11-15 12:50 - 2014-11-15 12:50 - 00000599 _____ () C:\Users\NT Acer\Desktop\Solo Antivirus Scanner.lnk
2014-11-15 12:50 - 2014-11-15 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solo Antivirus
2014-11-15 12:29 - 2014-11-15 12:29 - 00000000 ____D () C:\ProgramData\OSHI
2014-11-15 11:24 - 2014-11-15 11:24 - 00001125 _____ () C:\Users\Public\Desktop\Trojan Remover.lnk
2014-11-15 11:21 - 2014-11-15 11:21 - 00000000 ____D () C:\Users\NT Acer\Documents\Simply Super Software
2014-11-15 11:21 - 2014-11-15 11:21 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-15 11:20 - 2014-11-15 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2014-11-15 11:20 - 2014-11-15 11:24 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-11-15 11:20 - 2014-11-15 11:20 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-11-12 07:49 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 07:49 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 07:49 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 07:49 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 07:49 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 07:49 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 07:49 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 07:49 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 07:49 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 07:49 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 07:49 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 07:49 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 07:49 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 07:49 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 07:49 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 07:49 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 07:49 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 07:49 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 07:47 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 07:47 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 07:47 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 07:47 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 07:47 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 07:47 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-12 07:47 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 07:47 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 07:47 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 07:47 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 07:47 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 07:47 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 07:47 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 07:47 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 07:46 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 07:46 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 07:46 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 07:46 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 07:46 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 07:46 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 07:46 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 07:46 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 07:46 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 07:46 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 07:46 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 07:46 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 07:45 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 07:45 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 07:45 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 07:45 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 07:45 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 07:45 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 07:45 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 07:44 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 07:44 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 07:44 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 07:43 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 07:43 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 07:43 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 07:43 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 07:43 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 07:43 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 07:43 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 07:43 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 07:43 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 07:43 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 07:43 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 07:43 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 07:43 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 07:43 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 07:43 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 07:43 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 07:43 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 07:43 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 07:43 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 07:43 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 07:43 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 07:43 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 07:43 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 07:43 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 07:43 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 07:43 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 07:43 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 07:43 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 07:43 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 07:43 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 07:43 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 07:43 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 07:43 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 07:43 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 07:43 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 07:43 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 07:43 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 07:43 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 07:43 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 07:43 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 07:43 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 07:43 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 07:43 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 07:43 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 07:43 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 07:43 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 07:43 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 07:43 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 07:43 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 07:43 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 07:43 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 07:43 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 07:43 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 07:43 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 07:43 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 07:43 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 07:43 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 07:43 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 07:43 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 07:43 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 07:43 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 07:43 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 07:43 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 07:43 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 07:43 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 07:43 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 07:43 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 07:43 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:43 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 07:43 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 07:43 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 07:43 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 07:43 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 07:43 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 07:43 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 07:43 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 07:43 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 07:43 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 07:43 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 07:43 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 07:43 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 07:43 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 07:43 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 07:43 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 07:43 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 07:43 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 07:43 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 07:43 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 07:43 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 07:42 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 07:42 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 07:42 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 07:42 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 07:42 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 07:42 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 07:42 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 07:42 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 07:42 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 07:42 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 07:42 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 07:42 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 07:42 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 07:42 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 07:42 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-12 07:41 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-12 07:41 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-12 07:41 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-12 07:41 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-12 07:41 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-12 07:41 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-12 07:41 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 07:41 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-12 07:41 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-12 07:41 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-12 07:41 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-12 07:41 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-12 07:41 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-12 07:41 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 07:41 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 07:41 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 07:41 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-12 07:41 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-12 07:41 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 07:41 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 07:41 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-12 07:41 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-12 07:41 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-12 07:41 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 07:41 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-12 07:41 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-11 13:04 - 2014-11-11 21:36 - 00000000 ____D () C:\Users\NT Acer\Desktop\tlumočnictví fotky
2014-11-08 10:57 - 2014-11-08 10:57 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-11-08 10:57 - 2014-11-08 10:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 16:14 - 2014-07-02 17:28 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for NT-NT Acer NT
2014-11-16 16:08 - 2014-03-19 12:41 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-329716168-676599413-1959386347-1001
2014-11-16 16:07 - 2014-03-18 16:33 - 01745984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-16 16:07 - 2014-03-18 15:54 - 00739924 _____ () C:\WINDOWS\system32\perfh005.dat
2014-11-16 16:07 - 2014-03-18 15:54 - 00151610 _____ () C:\WINDOWS\system32\perfc005.dat
2014-11-16 16:03 - 2014-04-19 12:24 - 00000000 ___DO () C:\Users\NT Acer\OneDrive
2014-11-16 16:03 - 2014-04-11 10:29 - 00000962 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-16 16:02 - 2014-04-18 14:47 - 01564276 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-16 16:02 - 2014-03-18 08:20 - 00015338 _____ () C:\WINDOWS\PFRO.log
2014-11-16 16:02 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-16 16:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-16 16:01 - 2014-04-11 10:29 - 00000966 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-16 15:09 - 2014-03-19 12:25 - 00000000 ____D () C:\Users\NT Acer\AppData\Local\Packages
2014-11-16 15:07 - 2014-04-18 15:57 - 00000000 ____D () C:\Users\NT Acer\AppData\Local\Deployment
2014-11-16 14:54 - 2014-04-06 20:10 - 01970688 ___SH () C:\Users\NT Acer\Desktop\Thumbs.db
2014-11-16 11:08 - 2013-03-12 06:57 - 00000000 ____D () C:\ProgramData\Temp
2014-11-16 10:52 - 2014-04-27 17:29 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9580FCD8-9136-41F8-9840-D2E4B35088E7}
2014-11-16 10:51 - 2014-04-15 17:50 - 00287232 ___SH () C:\Users\NT Acer\Downloads\Thumbs.db
2014-11-16 10:51 - 2014-03-19 16:50 - 00000000 ____D () C:\Users\NT Acer\Desktop\filmy
2014-11-15 13:45 - 2014-03-19 12:26 - 00000000 ____D () C:\Users\NT Acer\AppData\Local\VirtualStore
2014-11-15 09:51 - 2014-03-19 12:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-14 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-13 06:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-13 05:56 - 2014-04-11 10:29 - 00003938 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 05:56 - 2014-04-11 10:29 - 00003702 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 18:58 - 2013-08-22 15:44 - 00372488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 07:59 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-12 07:58 - 2014-04-07 20:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 07:56 - 2014-04-07 20:08 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 21:36 - 2014-09-07 18:23 - 00019456 ____H () C:\Users\NT Acer\Desktop\photothumb.db
2014-11-08 10:57 - 2014-09-07 18:23 - 00002062 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-08 10:57 - 2014-09-07 18:23 - 00002060 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-11-08 10:57 - 2014-09-07 18:23 - 00002050 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-08 10:57 - 2014-09-07 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-30 01:55 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-30 01:55 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-29 21:45 - 2013-08-22 15:46 - 00297104 _____ () C:\WINDOWS\setupact.log
2014-10-26 19:59 - 2014-09-08 08:58 - 00000000 ____D () C:\Users\NT Acer\Desktop\Fotky

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 14:37




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Acer) (Fixed) (Total:446.61 GB) (Free:361.97 GB) NTFS

Available physical RAM: 1640.72 MB
Total physical RAM: 3911.27 MB
Percentage of memory in use: 58%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: 059A1314)
Disk: 1 (Size: 22.4 GB) (Disk ID: 3C34AF41)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\NT Acer\OneDrive:ms-properties

==================== Security Center ==================

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\NT Acer\Desktop" je 41158 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Second (Addition.txt)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 02
Ran by NT Acer at 2014-11-16 16:24:41
Running from C:\Users\NT Acer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
AVG PC TuneUp 2014 (cs-CZ) (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.519 - AVG) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ESET Endpoint Antivirus (HKLM\...\{5027F4BD-2B2A-4E4A-9758-785EE6EF6423}) (Version: 5.0.2126.11 - ESET, spol. s r.o.)
ETDWare PS/2-X64 11.6.20.203_WHQL (HKLM\...\Elantech) (Version: 11.6.20.203 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.20 - Philipp Winterberg)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5209 - Gretech Corporation)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.12 - Acer Inc.)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 2013 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
OSHI Defender (HKLM\...\{CAB89D3D-F28C-4C0D-9F63-710AF1C13514}) (Version: 1.3.172 - Aveas Limited)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\Greatis Reanimator_is1) (Version: - Greatis Software, LLC.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
Solo Antivirus 14.0 (HKLM-x32\...\SoloAV_is1) (Version: - SRN Micro Systems)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
UnHackMe 7.20 release (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_CZ_is1) (Version: 15.0.1.3 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-329716168-676599413-1959386347-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\NT Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329716168-676599413-1959386347-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\NT Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329716168-676599413-1959386347-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\NT Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329716168-676599413-1959386347-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\NT Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

05-11-2014 06:35:04 Naplánovaný kontrolní bod
12-11-2014 06:54:37 Windows Update
15-11-2014 11:28:44 Installed OSHI Defender
16-11-2014 14:53:20 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-11-16 15:53 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06590508-945F-4B2F-9550-315CFFDB2E22} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {11CCD222-D3CE-4A15-9539-7421DB819F76} - System32\Tasks\Microsoft Office 15 Sync Maintenance for NT-NT Acer NT => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {1C5123DF-7AA7-405F-A400-DF44BBD65B10} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {1C5363FA-8DE1-4221-AC4C-5A61123768FB} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-16] (Acer Incorporated)
Task: {2467AABB-2D76-4F50-9705-63A74F5882E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {2A07DF55-1ADD-4E18-90DE-802083F37F7D} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
Task: {53000D5F-47BD-4EB9-9704-7EB376846734} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.)
Task: {6DCA1596-B44A-4511-A43D-C2FB7324E348} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {74E79D05-6862-4BB4-9EA3-52B715683B21} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)
Task: {87CAEF21-5797-4A17-B139-3CEF4E915AC1} - System32\Tasks\OSHI\Defender\Anti-winlock => C:\Program Files\OSHI\Defender\oshidfui.exe [2014-04-09] (Aveas Limited)
Task: {896D0440-5CA0-43F7-A379-4398B1039F02} - System32\Tasks\OSHI\Defender\Daily Full Scan => C:\Program Files\OSHI\Defender\oshidfui.exe [2014-04-09] (Aveas Limited)
Task: {B352708E-309A-4E7C-A14E-6CDC0E5AA8E4} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-24] (Acer Incorporated)
Task: {B4284FDB-0332-4A6D-9B07-ADD49DF5090E} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2014-06-30] (Greatis Software)
Task: {BF04C3B1-7CB8-4199-9C36-E21105D78F19} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-09-01] (Dolby Laboratories Inc.)
Task: {CE23A35D-FFDD-4D24-914B-D00E57064C44} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG PC TuneUp 2014\OneClick.exe [2014-07-14] (AVG)
Task: {D52E0E9A-2582-4398-BDEF-28C49742D438} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.)
Task: {EC1204CE-23A7-4EC0-967C-C4C623443BBC} - System32\Tasks\OSHI\Launch Defender => C:\Program Files\OSHI\Defender\oshidfui.exe [2014-04-09] (Aveas Limited)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-06 15:42 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-14 11:26 - 2014-07-14 11:26 - 00699704 _____ () C:\Program Files (x86)\AVG PC TuneUp 2014\avgrepliba.dll
2014-07-14 11:26 - 2014-07-14 11:26 - 00407864 _____ () C:\Program Files (x86)\AVG PC TuneUp 2014\tuavga.dll
2013-01-25 09:09 - 2013-01-25 09:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 09:05 - 2013-01-25 09:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-25 09:12 - 2013-01-25 09:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-11-16 16:22 - 2014-11-16 16:22 - 00029696 _____ () C:\Users\NT Acer\AppData\Local\MSGBOX.EXE
2013-11-26 23:57 - 2013-02-21 07:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-10-29 11:57 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 11:57 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 11:57 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 11:57 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-29 11:57 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2013-03-12 06:46 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\NT Acer\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "OSHI Defender"
HKLM\...\StartupApproved\Run32: => "LManager"

========================= Accounts: ==========================

Administrator (S-1-5-21-329716168-676599413-1959386347-500 - Administrator - Disabled)
Guest (S-1-5-21-329716168-676599413-1959386347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-329716168-676599413-1959386347-1005 - Limited - Enabled)
NT Acer (S-1-5-21-329716168-676599413-1959386347-1001 - Administrator - Enabled) => C:\Users\NT Acer

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 11:27:29 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.

Error: (11/16/2014 11:25:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.

Error: (11/15/2014 04:43:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.

Error: (11/15/2014 02:38:40 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/15/2014 02:38:40 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/15/2014 02:38:40 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/15/2014 02:38:09 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.


System errors:
=============
Error: (11/16/2014 04:03:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby DeltaFix bylo dosaženo časového limitu (30000 ms).

Error: (11/16/2014 03:59:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:59:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:59:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:59:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:59:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:46:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby DeltaFix bylo dosaženo časového limitu (30000 ms).

Error: (11/16/2014 03:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (11/16/2014 03:45:28 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WSearch se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (11/16/2014 03:45:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba Windows Media Player Network Sharing závisí na službě Windows Search, která neuspěla při spuštění v důsledku následující chyby:
%%1069


Microsoft Office Sessions:
=========================
Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (11/16/2014 11:27:29 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2014 11:25:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/15/2014 04:43:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/15/2014 02:38:40 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (11/15/2014 02:38:40 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (11/15/2014 02:38:40 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (11/15/2014 02:38:09 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 58%
Total physical RAM: 3911.27 MB
Available physical RAM: 1640.72 MB
Total Pagefile: 4999.27 MB
Available Pagefile: 2152.87 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.61 GB) (Free:361.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 059A1314)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 3C34AF41)

Partition: GPT Partition Type.

==================== End Of Log ============================

So far it seems that those Eset warnings have disappeared (before, they appeared roughly every 10 minutes; now there has been nothing for a while). Does that mean the critter could be gone? :)

Re: Suspected trojan

Posted: 16 Nov 2014 16:47
by altrok
:arrow: Uninstall
  • OSHI Defender
  • Trojan Remover
  • AVG PC TuneUp 2014
  • UnHackMe
:arrow: Then post a new FRST log (on the second run of FRST64.exe you have to tick Addition.txt manually so that this log is created as well)

:arrow: Hard to say... there are so many tools and speed-up utilities there for automatically deleting everything possible and impossible that I can't say for sure...

Re: Suspected trojan

Posted: 16 Nov 2014 17:18
by curepiddy
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 02
Ran by NT Acer (administrator) on NT on 16-11-2014 17:13:14
Running from C:\Users\NT Acer\Desktop
Loaded Profile: NT Acer (Available profiles: NT Acer)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(AVG) C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe
(AVG) C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesApp64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Aveas Limited) C:\Config.Msi\34330d.rbf
(forum.viry.cz) C:\Users\NT Acer\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-18] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4133072 2012-07-04] (ESET)
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-11-26] (Dritek System Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-25] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [752736 2012-10-18] (ZONER software)
HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {4FED11A9-C66E-4EAE-ADFD-206C9F7D968A} URL =
SearchScopes: HKLM-x32 - DefaultScope {4FED11A9-C66E-4EAE-ADFD-206C9F7D968A} URL =
SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C9868DCD-087E-41F5-86BE-22CA40150ACE}: [NameServer] 204.27.56.122,204.27.56.123,10.0.0.138

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2014-03-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-16]
CHR Extension: (Docs) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-16]
CHR Extension: (Disk Google) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-11]
CHR Extension: (YouTube) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-11]
CHR Extension: (Vyhledávání Google) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-11]
CHR Extension: (Tabulky Google) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-16]
CHR Extension: (Gmail) - C:\Users\NT Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-25] (Qualcomm Atheros Commnucations)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [35720 2012-07-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [999704 2012-07-04] (ESET)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-16] (Acer Incorporated)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [190208 2012-07-04] (ESET)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-08] (Condusiv Technologies)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-11-26] (Dritek System INC.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-11-12] (Acer Incorporated)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-07-14] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-07-14] (AVG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 fc67e7a0; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-07-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [179920 2012-07-10] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [152136 2012-03-29] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [140752 2012-03-29] (ESET)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [26024 2013-01-08] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [112552 2013-01-08] (Condusiv Technologies)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [35816 2014-11-16] (Greatis Software)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-11-26] (Dritek System Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 17:13 - 2014-11-16 17:13 - 00014455 _____ () C:\Users\NT Acer\Desktop\FRST.txt
2014-11-16 16:33 - 2014-11-16 16:33 - 00000000 ___SH () C:\DkHyperbootSync
2014-11-16 16:22 - 2014-11-16 17:13 - 00000000 ____D () C:\FRST
2014-11-16 16:17 - 2014-11-16 16:17 - 00112640 _____ (forum.viry.cz) C:\Users\NT Acer\Desktop\FRSTLauncher.exe
2014-11-16 16:16 - 2014-11-16 16:16 - 00112640 _____ (forum.viry.cz) C:\Users\NT Acer\Downloads\Nepotvrzeno 722942.crdownload
2014-11-16 16:14 - 2014-11-16 16:14 - 00112640 _____ (forum.viry.cz) C:\Users\NT Acer\Downloads\Nepotvrzeno 918337.crdownload
2014-11-16 16:12 - 2014-11-16 16:12 - 02117120 _____ (Farbar) C:\Users\NT Acer\Desktop\FRST64.exe
2014-11-16 16:01 - 2014-11-16 15:50 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-11-16 15:53 - 2014-11-16 16:03 - 00007615 _____ () C:\zoek-results.log
2014-11-16 15:50 - 2014-11-16 16:00 - 00000000 ____D () C:\zoek_backup
2014-11-16 15:49 - 2014-11-16 15:49 - 01294848 _____ () C:\Users\NT Acer\Downloads\zoek.exe
2014-11-16 15:43 - 2014-11-16 15:44 - 00000000 ____D () C:\AdwCleaner
2014-11-16 15:38 - 2014-11-16 15:38 - 02140160 _____ () C:\Users\NT Acer\Downloads\adwcleaner_4.101.exe
2014-11-16 14:53 - 2014-11-16 14:53 - 01222144 _____ () C:\Users\NT Acer\Downloads\RSITx64 (1).exe
2014-11-16 14:24 - 2014-11-16 14:24 - 00021263 _____ () C:\Users\NT Acer\Downloads\soubor.txt
2014-11-16 14:17 - 2014-11-16 14:53 - 00000000 ____D () C:\Program Files\trend micro
2014-11-16 14:17 - 2014-11-16 14:17 - 00000000 ____D () C:\rsit
2014-11-16 14:16 - 2014-11-16 14:16 - 01222144 _____ () C:\Users\NT Acer\Downloads\RSITx64.exe
2014-11-16 11:31 - 2014-11-16 11:31 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (3).exe
2014-11-16 11:30 - 2014-11-16 11:30 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (2).exe
2014-11-16 11:26 - 2014-11-16 11:26 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (1).exe
2014-11-16 11:24 - 2014-11-16 11:24 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller.exe
2014-11-16 11:03 - 2014-11-16 15:46 - 00000969 _____ () C:\Users\NT Acer\Desktop\Reanimator.lnk
2014-11-16 11:03 - 2014-11-16 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2014-11-16 11:02 - 2014-11-16 17:08 - 00035816 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2014-11-16 11:02 - 2014-11-16 17:08 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-11-16 11:02 - 2014-11-16 15:46 - 00000002 RSHOT () C:\WINDOWS\winstart.bat
2014-11-16 11:02 - 2014-11-16 15:46 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\CONFIG.NT
2014-11-16 11:02 - 2014-11-16 15:46 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2014-11-16 11:02 - 2014-11-16 11:04 - 00000000 ____D () C:\Users\NT Acer\Documents\RegRun2
2014-11-16 11:01 - 2014-11-16 11:01 - 15790435 _____ () C:\Users\NT Acer\Downloads\unhackme.zip
2014-11-15 14:51 - 2014-11-15 14:53 - 47272611 _____ (spydig.com, Inc. ) C:\Users\NT Acer\Desktop\Spydig_Setup.exe
2014-11-15 12:51 - 2014-11-16 17:00 - 00000000 _____ () C:\AUTOEXEC.BAT
2014-11-15 12:51 - 2014-11-15 12:51 - 00000046 _____ () C:\AUTOEXEC.SOL
2014-11-15 12:29 - 2014-11-15 12:29 - 00000000 ____D () C:\ProgramData\OSHI
2014-11-15 11:21 - 2014-11-15 11:21 - 00000000 ____D () C:\ProgramData\Licenses
2014-11-12 07:49 - 2014-10-10 02:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-12 07:49 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-12 07:49 - 2014-10-10 02:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-12 07:49 - 2014-10-08 08:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-12 07:49 - 2014-10-08 08:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-12 07:49 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-12 07:49 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-12 07:49 - 2014-10-08 07:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-12 07:49 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-12 07:49 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-12 07:49 - 2014-10-08 07:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-12 07:49 - 2014-10-08 07:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-12 07:49 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-12 07:49 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-12 07:49 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-12 07:49 - 2014-09-27 04:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-12 07:49 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-12 07:49 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-12 07:47 - 2014-10-18 07:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-12 07:47 - 2014-10-18 07:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-12 07:47 - 2014-10-18 07:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-12 07:47 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-12 07:47 - 2014-10-17 08:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-12 07:47 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-12 07:47 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-12 07:47 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-12 07:47 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-12 07:47 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-12 07:47 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-12 07:47 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-12 07:47 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-12 07:47 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-12 07:46 - 2014-10-18 10:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-12 07:46 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-12 07:46 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-12 07:46 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-12 07:46 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-12 07:46 - 2014-10-18 07:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-12 07:46 - 2014-10-18 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-12 07:46 - 2014-10-18 07:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-12 07:46 - 2014-10-18 07:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-12 07:46 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-12 07:46 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-12 07:46 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-12 07:45 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-12 07:45 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-12 07:45 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-12 07:45 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-12 07:45 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-12 07:45 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-12 07:45 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-12 07:44 - 2014-10-31 06:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-12 07:44 - 2014-10-31 04:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-12 07:44 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-12 07:43 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-12 07:43 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-12 07:43 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-12 07:43 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-12 07:43 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-12 07:43 - 2014-10-31 06:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-12 07:43 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-12 07:43 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-12 07:43 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-12 07:43 - 2014-10-31 06:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-12 07:43 - 2014-10-31 06:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-12 07:43 - 2014-10-31 06:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-12 07:43 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-12 07:43 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-12 07:43 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-12 07:43 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-12 07:43 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-12 07:43 - 2014-10-31 05:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-12 07:43 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-12 07:43 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-12 07:43 - 2014-10-31 05:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-12 07:43 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-12 07:43 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-12 07:43 - 2014-10-31 05:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-12 07:43 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-12 07:43 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-12 07:43 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-12 07:43 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-12 07:43 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-12 07:43 - 2014-10-31 05:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-12 07:43 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-12 07:43 - 2014-10-31 05:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-12 07:43 - 2014-10-31 05:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-12 07:43 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-12 07:43 - 2014-10-31 05:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-12 07:43 - 2014-10-31 05:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-12 07:43 - 2014-10-31 05:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-12 07:43 - 2014-10-31 05:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-12 07:43 - 2014-10-31 05:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-12 07:43 - 2014-10-31 05:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-12 07:43 - 2014-10-31 04:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-12 07:43 - 2014-10-31 04:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-12 07:43 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-12 07:43 - 2014-10-31 04:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-12 07:43 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-12 07:43 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-12 07:43 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-12 07:43 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-12 07:43 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-12 07:43 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-12 07:43 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-12 07:43 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-12 07:43 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-12 07:43 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-12 07:43 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-12 07:43 - 2014-10-31 04:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-12 07:43 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-12 07:43 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-12 07:43 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-12 07:43 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-12 07:43 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-12 07:43 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-12 07:43 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-12 07:43 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-12 07:43 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-12 07:43 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-12 07:43 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-12 07:43 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 07:43 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-12 07:43 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-12 07:43 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-12 07:43 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-12 07:43 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-12 07:43 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-12 07:43 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-12 07:43 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-12 07:43 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-12 07:43 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-12 07:43 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-12 07:43 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-12 07:43 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-12 07:43 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-12 07:43 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-12 07:43 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-12 07:43 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-12 07:43 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-12 07:43 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-12 07:43 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-12 07:43 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-12 07:42 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-12 07:42 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-12 07:42 - 2014-10-07 07:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-12 07:42 - 2014-10-07 07:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-12 07:42 - 2014-10-07 07:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-12 07:42 - 2014-10-07 07:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-12 07:42 - 2014-10-07 07:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-12 07:42 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-12 07:42 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-12 07:42 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-12 07:42 - 2014-10-07 04:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-12 07:42 - 2014-10-07 02:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-12 07:42 - 2014-10-07 02:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-12 07:42 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-12 07:42 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-12 07:41 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-12 07:41 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-12 07:41 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-12 07:41 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-12 07:41 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-12 07:41 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-12 07:41 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-12 07:41 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-12 07:41 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-12 07:41 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-12 07:41 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-12 07:41 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-12 07:41 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-12 07:41 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-12 07:41 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-12 07:41 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-12 07:41 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-12 07:41 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-12 07:41 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-12 07:41 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-12 07:41 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-12 07:41 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-12 07:41 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-12 07:41 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-12 07:41 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-12 07:41 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-11 13:04 - 2014-11-11 21:36 - 00000000 ____D () C:\Users\NT Acer\Desktop\tlumočnictví fotky
2014-11-08 10:57 - 2014-11-08 10:57 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-11-08 10:57 - 2014-11-08 10:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 17:13 - 2014-03-19 12:41 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-329716168-676599413-1959386347-1001
2014-11-16 17:09 - 2014-04-18 14:47 - 01601493 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-16 17:01 - 2014-04-11 10:29 - 00000966 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-16 16:14 - 2014-07-02 17:28 - 00004958 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for NT-NT Acer NT
2014-11-16 16:07 - 2014-03-18 16:33 - 01745984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-16 16:07 - 2014-03-18 15:54 - 00739924 _____ () C:\WINDOWS\system32\perfh005.dat
2014-11-16 16:07 - 2014-03-18 15:54 - 00151610 _____ () C:\WINDOWS\system32\perfc005.dat
2014-11-16 16:03 - 2014-04-19 12:24 - 00000000 ___DO () C:\Users\NT Acer\OneDrive
2014-11-16 16:03 - 2014-04-11 10:29 - 00000962 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-16 16:02 - 2014-03-18 08:20 - 00015338 _____ () C:\WINDOWS\PFRO.log
2014-11-16 16:02 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-16 16:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-16 15:09 - 2014-03-19 12:25 - 00000000 ____D () C:\Users\NT Acer\AppData\Local\Packages
2014-11-16 15:07 - 2014-04-18 15:57 - 00000000 ____D () C:\Users\NT Acer\AppData\Local\Deployment
2014-11-16 14:54 - 2014-04-06 20:10 - 01970688 ___SH () C:\Users\NT Acer\Desktop\Thumbs.db
2014-11-16 11:08 - 2013-03-12 06:57 - 00000000 ____D () C:\ProgramData\Temp
2014-11-16 10:52 - 2014-04-27 17:29 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9580FCD8-9136-41F8-9840-D2E4B35088E7}
2014-11-16 10:51 - 2014-04-15 17:50 - 00287232 ___SH () C:\Users\NT Acer\Downloads\Thumbs.db
2014-11-16 10:51 - 2014-03-19 16:50 - 00000000 ____D () C:\Users\NT Acer\Desktop\filmy
2014-11-15 13:45 - 2014-03-19 12:26 - 00000000 ____D () C:\Users\NT Acer\AppData\Local\VirtualStore
2014-11-15 09:51 - 2014-03-19 12:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-14 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-13 06:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-13 05:56 - 2014-04-11 10:29 - 00003938 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 05:56 - 2014-04-11 10:29 - 00003702 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 18:58 - 2013-08-22 15:44 - 00372488 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 09:35 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 07:59 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-12 07:58 - 2014-04-07 20:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-12 07:56 - 2014-04-07 20:08 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 21:36 - 2014-09-07 18:23 - 00019456 ____H () C:\Users\NT Acer\Desktop\photothumb.db
2014-11-08 10:57 - 2014-09-07 18:23 - 00002062 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-08 10:57 - 2014-09-07 18:23 - 00002060 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-11-08 10:57 - 2014-09-07 18:23 - 00002050 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-08 10:57 - 2014-09-07 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-30 01:55 - 2013-08-22 16:38 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-10-30 01:55 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-29 21:45 - 2013-08-22 15:46 - 00297104 _____ () C:\WINDOWS\setupact.log
2014-10-26 19:59 - 2014-09-08 08:58 - 00000000 ____D () C:\Users\NT Acer\Desktop\Fotky

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-16 17:05




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Acer) (Fixed) (Total:446.61 GB) (Free:361.96 GB) NTFS

Available physical RAM: 1591.84 MB
Total physical RAM: 3911.27 MB
Percentage of memory in use: 59%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: 059A1314)
Disk: 1 (Size: 22.4 GB) (Disk ID: 3C34AF41)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\NT Acer\OneDrive:ms-properties

==================== Security Center ==================

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\NT Acer\Desktop" je 41158 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 02
Ran by NT Acer at 2014-11-16 17:13:39
Running from C:\Users\NT Acer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Games (HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf) (Version: 1.1.7.42206 - Pokki)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3006 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
AVG PC TuneUp 2014 (cs-CZ) (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.519 - AVG) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
ESET Endpoint Antivirus (HKLM\...\{5027F4BD-2B2A-4E4A-9758-785EE6EF6423}) (Version: 5.0.2126.11 - ESET, spol. s r.o.)
ETDWare PS/2-X64 11.6.20.203_WHQL (HKLM\...\Elantech) (Version: 11.6.20.203 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 3.20 - Philipp Winterberg)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 8.1.0.17 - WildTangent, Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5209 - Gretech Corporation)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.12 - Acer Inc.)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 2013 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.39 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6833 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\Greatis Reanimator_is1) (Version: - Greatis Software, LLC.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_CZ_is1) (Version: 15.0.1.3 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-329716168-676599413-1959386347-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\NT Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329716168-676599413-1959386347-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\NT Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329716168-676599413-1959386347-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\NT Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-329716168-676599413-1959386347-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\NT Acer\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

05-11-2014 06:35:04 Naplánovaný kontrolní bod
12-11-2014 06:54:37 Windows Update
15-11-2014 11:28:44 Installed OSHI Defender
16-11-2014 14:53:20 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2014-11-16 15:53 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06590508-945F-4B2F-9550-315CFFDB2E22} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {11CCD222-D3CE-4A15-9539-7421DB819F76} - System32\Tasks\Microsoft Office 15 Sync Maintenance for NT-NT Acer NT => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {1C5123DF-7AA7-405F-A400-DF44BBD65B10} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {1C5363FA-8DE1-4221-AC4C-5A61123768FB} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-16] (Acer Incorporated)
Task: {2467AABB-2D76-4F50-9705-63A74F5882E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {2A07DF55-1ADD-4E18-90DE-802083F37F7D} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
Task: {53000D5F-47BD-4EB9-9704-7EB376846734} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.)
Task: {6DCA1596-B44A-4511-A43D-C2FB7324E348} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {74E79D05-6862-4BB4-9EA3-52B715683B21} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-11-12] (Acer Incorporated)
Task: {B352708E-309A-4E7C-A14E-6CDC0E5AA8E4} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-24] (Acer Incorporated)
Task: {BF04C3B1-7CB8-4199-9C36-E21105D78F19} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-09-01] (Dolby Laboratories Inc.)
Task: {CE23A35D-FFDD-4D24-914B-D00E57064C44} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG PC TuneUp 2014\OneClick.exe [2014-07-14] (AVG)
Task: {D52E0E9A-2582-4398-BDEF-28C49742D438} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-11] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-06 15:42 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-14 11:26 - 2014-07-14 11:26 - 00699704 _____ () C:\Program Files (x86)\AVG PC TuneUp 2014\avgrepliba.dll
2014-07-14 11:26 - 2014-07-14 11:26 - 00407864 _____ () C:\Program Files (x86)\AVG PC TuneUp 2014\tuavga.dll
2013-01-25 09:09 - 2013-01-25 09:09 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-25 09:05 - 2013-01-25 09:05 - 00084992 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-25 09:12 - 2013-01-25 09:12 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-26 23:57 - 2013-02-21 07:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2014-10-29 11:57 - 2014-10-22 05:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 11:57 - 2014-10-22 05:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 11:57 - 2014-10-22 05:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 11:57 - 2014-10-22 05:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-29 11:57 - 2014-10-22 05:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2013-03-12 06:46 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\NT Acer\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "OSHI Defender"
HKLM\...\StartupApproved\Run32: => "LManager"

========================= Accounts: ==========================

Administrator (S-1-5-21-329716168-676599413-1959386347-500 - Administrator - Disabled)
Guest (S-1-5-21-329716168-676599413-1959386347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-329716168-676599413-1959386347-1005 - Limited - Enabled)
NT Acer (S-1-5-21-329716168-676599413-1959386347-1001 - Administrator - Enabled) => C:\Users\NT Acer

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2014 05:06:29 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 05:06:29 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 05:06:29 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.

Error: (11/16/2014 11:27:29 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.

Error: (11/16/2014 11:25:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.

Error: (11/15/2014 04:43:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.

Error: (11/15/2014 02:38:40 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Generování kontextu aktivace pro asmv2:clrClassInvocation1 se nezdařilo. Chyba v souboru manifestu nebo zásady asmv2:clrClassInvocation2 na řádku asmv2:clrClassInvocation3.
Prvek asmv2:clrClassInvocation je zřejmě podřízeným prvku urn:schemas-microsoft-com:asm.v1^entryPoint, což tato verze systému Windows nepodporuje.


System errors:
=============
Error: (11/16/2014 04:03:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby DeltaFix bylo dosaženo časového limitu (30000 ms).

Error: (11/16/2014 03:59:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:59:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:59:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:59:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:59:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 03:46:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby DeltaFix bylo dosaženo časového limitu (30000 ms).

Error: (11/16/2014 03:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Search neuspěla při spuštění v důsledku následující chyby:
%%1069

Error: (11/16/2014 03:45:28 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Služba WSearch se nemohla přihlásit jako NT AUTHORITY\SYSTEM s aktuálně konfigurovaným heslem z důvodu následující chyby:
%%50

Chcete-li zajistit správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management Console (MMC).

Error: (11/16/2014 03:45:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba Windows Media Player Network Sharing závisí na službě Windows Search, která neuspěla při spuštění v důsledku následující chyby:
%%1069


Microsoft Office Sessions:
=========================
Error: (11/16/2014 05:06:29 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (11/16/2014 05:06:29 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (11/16/2014 05:06:29 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest4

Error: (11/16/2014 01:09:19 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest4

Error: (11/16/2014 11:27:29 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/16/2014 11:25:17 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/15/2014 04:43:30 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT)
Description: Product: OSHI Defender -- Error 1316. Zadaný účet již existuje.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/15/2014 02:38:40 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: asmv2:clrClassInvocationurn:schemas-microsoft-com:asm.v1^entryPointC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.ManifestC:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest4


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 59%
Total physical RAM: 3911.27 MB
Available physical RAM: 1591.84 MB
Total Pagefile: 4999.27 MB
Available Pagefile: 1782.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.61 GB) (Free:361.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 059A1314)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 3C34AF41)

Partition: GPT Partition Type.

==================== End Of Log ============================

Yes, she certainly has a lot of programs on there, you know, she's a girl... Otherwise she says Eset is quiet, and since the cleanup everything looks fine. So if you don't see anything else there (probably not; as I say, Eset isn't reporting anything), this could be the end of it :) Wow, that was fast. Thank you very much :))

Re: Suspected trojan

Posted: 16 Nov 2014 17:53
by altrok
:arrow: I assume all 4 programs have been uninstalled, so in the script I am deleting their leftovers.

:arrow: The size of the Desktop should not exceed 200 MB. It then increases the PC's startup time and reduces the speed of the OS itself.

:arrow: Turn off Windows Defender permanently - http://windows.microsoft.com/cs-cz/wind ... =windows-7
  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the Desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will pop up (or it will be saved on the Desktop); paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    HKU\S-1-5-21-329716168-676599413-1959386347-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE [752736 2012-10-18] (ZONER software)
    HKU\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
    HKU\S-1-5-21-329716168-676599413-1959386347-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    SearchScopes: HKLM - DefaultScope {4FED11A9-C66E-4EAE-ADFD-206C9F7D968A} URL =
    SearchScopes: HKLM-x32 - DefaultScope {4FED11A9-C66E-4EAE-ADFD-206C9F7D968A} URL =
    SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    CHR dev: Chrome dev build detected! <======= ATTENTION
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
    S2 fc67e7a0; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\DeltaFix\DeltaFix.dll",serv
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG PC TuneUp 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software)
    2014-11-16 16:16 - 2014-11-16 16:16 - 00112640 _____ (forum.viry.cz) C:\Users\NT Acer\Downloads\Nepotvrzeno 722942.crdownload
    2014-11-16 16:14 - 2014-11-16 16:14 - 00112640 _____ (forum.viry.cz) C:\Users\NT Acer\Downloads\Nepotvrzeno 918337.crdownload
    2014-11-16 16:01 - 2014-11-16 15:50 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
    2014-11-16 15:53 - 2014-11-16 16:03 - 00007615 _____ () C:\zoek-results.log
    2014-11-16 15:50 - 2014-11-16 16:00 - 00000000 ____D () C:\zoek_backup
    2014-11-16 15:49 - 2014-11-16 15:49 - 01294848 _____ () C:\Users\NT Acer\Downloads\zoek.exe
    2014-11-16 15:38 - 2014-11-16 15:38 - 02140160 _____ () C:\Users\NT Acer\Downloads\adwcleaner_4.101.exe
    2014-11-16 14:53 - 2014-11-16 14:53 - 01222144 _____ () C:\Users\NT Acer\Downloads\RSITx64 (1).exe
    2014-11-16 14:17 - 2014-11-16 14:53 - 00000000 ____D () C:\Program Files\trend micro
    2014-11-16 11:31 - 2014-11-16 11:31 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (3).exe
    2014-11-16 11:30 - 2014-11-16 11:30 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (2).exe
    2014-11-16 11:26 - 2014-11-16 11:26 - 04803568 _____ (Aveas Limited) C:\Users\NT Acer\Downloads\WebInstaller (1).exe
    2014-11-15 12:29 - 2014-11-15 12:29 - 00000000 ____D () C:\ProgramData\OSHI
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
    Task: {CE23A35D-FFDD-4D24-914B-D00E57064C44} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG PC TuneUp 2014\OneClick.exe [2014-07-14] (AVG)
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\AVG PC TuneUp 2014
    Hosts:
    EmptyTemp:
    End