PC virus removal, computer speed-up, remote help via the neslape.cz service

Trojan.Gen.2

Have a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Trojan.Gen.2

#1 Post by Lionetta »

Hello,
some time ago (i.e. in July this year) my notebook started acting up. My mum works at Datart, so the guys at her work installed some antivirus of theirs on it (I don't remember the name anymore). The notebook kept misbehaving and scans reported nothing unusual. Well, in the end it fell apart completely and sometime in September it went to a repair shop, because the battery blew the motherboard (I often have the notebook on a duvet, on the bed, etc.)
They replaced the motherboard, the battery and the related parts (maybe I could still find the report, I don't know). The service was authorised and my mum's colleague from work recommended Norton 360. So we bought it, everything worked normally, our licence is legal, it also cost a fair bit of money, we still have the box and the CDs.
Everything worked fine and completely normally... I've been struggling with this for about a month..
So it started like this:
I ran Norton regularly (weekly) and once it told me a repair was needed, that it wanted a scan. Fine. The scan started, but when it came to searching for viruses and that kind of junk, the scan didn't complete. It started, but a red cross appeared and nothing happened. It wouldn't let me into any scan, not even Norton Power Eraser. And it definitely wouldn't let me into the action History on the computer (where they list quarantines etc.. I don't know what it's called :D ). When I ran a full scan, LiveUpdate, backup and disk defragmentation went through completely fine. But the scan itself opened, a big red cross "Scan did not run" and that was it.
On the Norton forum, which is an automated "help desk" with no people to advise you, I read that I should restart the computer and try the whole thing again.
So I restart the computer and Norton is suddenly happy and fine. The scans complete "fine", it skips several hundred files, it lets me into the history, and what do I see. Unauthorised attempts to obtain data, to attach to the computer (medium alerts, blocked).
It went on like this for quite a while and then escalated into Trojan horses. When I open the history, I have several Trojan.Gen.2 in quarantine (I'll attach a screenshot - Quarantine history)
It's getting more and more frequent with the antivirus and I'm out of ideas.
I only download from reliable sources, my boyfriend says it sometimes flags game cracks as a virus, so I don't know..
The computer is slow, on the internet I wait an hour for a page to load..
The only things I do online are facebook, youtube, howrse and the occasional googling, where the Norton toolbar tells me about a site's reliability..
I'm asking someone who knows about this for advice, I really don't know what to do with it
Attachments
Bez názvu11.png (179.23 KiB) Viewed 1942 times

Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Re: Trojan.Gen.2

#2 Post by Lionetta »

at the moment I'm trying to do that FRST :) I don't really get it, but I'm really trying :)
I now know that I have a 64-bit operating system

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Trojan.Gen.2

#3 Post by Márty84 »

Hi :)

Was your effort crowned with success?

If it doesn't work, try RSITx64 http://images.malwareremoval.com/random/RSITx64.exe , it's a bit simpler. The guide is here http://forum.viry.cz/viewtopic.php?f=13&t=130786
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Re: Trojan.Gen.2

#4 Post by Lionetta »

Well, actually not at all, I forgot about it in the evening and am only looking at it now, so I'll try your method :) How is it done again? :)
Sorry, it's hard work with me, I'm totally hopeless with computers when it comes to this kind of programming.. :/ :)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Trojan.Gen.2

#5 Post by Márty84 »

1. Download the little program to your PC http://images.malwareremoval.com/random/RSITx64.exe
2. Right-click its icon, a menu of options opens and you left-click the option Run as administrator.
3. A prompt will probably pop up asking whether you are sure you want to run it; confirm it, of course.
4. The program starts with two options - Continue and Exit. Click Continue and the program starts working.
5. After a little while two Notepad windows with logs should appear. Send me the one named log (best by copying its contents here, or as an attachment, e.g. by mail)

If the Notepad window doesn't pop up by itself, it will be here C:\rsit\log :)
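The file Márty84 asks for is a HijackThis-format report (the same line format as the log posted later in this thread): every entry starts with a section code such as R0, O2, O4 or O23. Below is an added example, not code from this thread, from RSIT or from HijackThis, of a small Python triage script that parses such lines and flags the two things a helper usually checks first: autorun entries launched from user-writable or temporary folders, and services whose binary is reported as "(file missing)". The sample lines are constructed in that format, and the directory list, the `Finding` class and all names and paths are assumptions made for the example. One caveat is built in: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its view of C:\Windows\System32 is redirected to SysWOW64 and genuine system services (lsass, alg, spoolsv and the like) show up as missing; the script marks those as likely false positives rather than as evidence of tampering.

```python
"""Triage helper for HijackThis / RSIT-style log lines.

Added example: not code from this thread, from RSIT, or from HijackThis.
It parses the section-coded lines of such a report and flags the entries a
helper usually looks at first.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Every report line starts with a section code: "O4 - HKLM\..\Run: [name] command".
LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# O23 - Service: <display name> (<short name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Shipped software normally autostarts from Program Files or the Windows directory;
# commands launched from user-writable or temporary folders deserve a closer look
# (assumed list for this example).
SUSPECT_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
    "\\programdata\\",
)


@dataclass
class Finding:  # assumed structure for this example
    code: str
    name: str
    path: str
    reason: str
    likely_false_positive: bool = False


def parse_entries(lines):
    """Return (section code, body) for every line that looks like a report entry."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def count_by_code(lines):
    """How many entries each section contributes, e.g. {"O4": 2, "O23": 3}."""
    return dict(Counter(code for code, _ in parse_entries(lines)))


def triage(lines):
    """Flag autoruns from odd locations and services whose binary is reported missing."""
    findings = []
    for code, body in parse_entries(lines):
        if code == "O4":
            m = O4_RE.match(body)
            if m and any(d in m.group("cmd").lower() for d in SUSPECT_DIRS):
                findings.append(Finding(code, m.group("name"), m.group("cmd"),
                                        "autorun launched from a user-writable or temp directory"))
        elif code == "O23":
            m = O23_RE.match(body)
            if m and m.group("missing"):
                path = m.group("path")
                # HijackThis 2.0.4 is a 32-bit program. On 64-bit Windows its view of
                # C:\Windows\System32 is redirected to SysWOW64, so genuine 64-bit
                # system services (lsass, alg, spoolsv, ...) are reported as missing.
                wow64 = "\\system32\\" in path.lower()
                reason = "service binary reported missing"
                if wow64:
                    reason += " (WOW64 redirection artefact; confirm with a 64-bit tool)"
                findings.append(Finding(code, m.group("name"), path, reason,
                                        likely_false_positive=wow64))
    return findings


# Constructed sample in the HijackThis line format (not the log from this thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\helper.dll
O4 - HKLM\..\Run: [VendorTray] "C:\Program Files (x86)\Vendor\tray.exe"
O4 - HKCU\..\Run: [updater] C:\Users\HP\AppData\Local\Temp\upd.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files (x86)\Example\exsvc.exe
O23 - Service: Gone Service (gone) - Unknown owner - C:\ProgramData\gone\gone.exe (file missing)
""".splitlines()


if __name__ == "__main__":
    print("entries per section:", count_by_code(SAMPLE_LOG))
    for f in triage(SAMPLE_LOG):
        flag = "likely false positive" if f.likely_false_positive else "review"
        print(f"[{f.code}] {f.name}: {f.reason} -> {flag}")
```

Run it on a saved log with `triage(open("log.txt", encoding="utf-8", errors="replace").read().splitlines())`. The point of the WOW64 check is that a helper reading this kind of report should not treat a dozen "(file missing)" system services as proof of damage; the entries worth a closer look are the ones that point outside the Windows and Program Files trees, which the sample's `updater` autorun and `Gone Service` illustrate.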

Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Re: Trojan.Gen.2

#6 Post by Lionetta »

Logfile of random's system information tool 1.10 (written by random/random)
Run by HP at 2015-01-01 14:09:05
Microsoft Windows 8.1
System drive C: has 382 GB (83%) free of 461 GB
Total RAM: 3983 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:38:33, on 1. 1. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\HP.exe
C:\WINDOWS\syswow64\wwahost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CPNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11445 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll" /prefetch:1
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe" /c /a /s UserSession
taskhostex.exe
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3724.0.1941852392\1692753648" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,17,38 --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.3347 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Control/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3724.3.481327137\1125359192" /prefetch:673131151
C:\WINDOWS\system32\cmd.exe /c "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe" --parent-window=0 chrome-extension://mkfokfffehpeedafpekjeddnmnjhmcmk/ < \\.\pipe\chrome.nativeMessaging.in.f3849fb47a4d4b23 > \\.\pipe\chrome.nativeMessaging.out.f3849fb47a4d4b23
"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64" --type=nacl-broker --channel="3724.7.1927345381\708726522" /prefetch:-875166825
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe" --type=nacl-loader --channel="3724.6.683357611\1090133370" --ignored=" --type=renderer " /prefetch:-1502398898
"C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe" --parent-window=0 chrome-extension://mkfokfffehpeedafpekjeddnmnjhmcmk/
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3724.69.2000618066\322910924" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Control/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3724.70.199287596\966975055" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Control/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3724.88.782471989\772260551" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Control/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3724.90.1145842262\1127379122" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Control/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="3724.98.1730770355\1621810011" /prefetch:673131151
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Users\HP\Desktop\RSITx64.exe"

"C:\WINDOWS\syswow64\wwahost.exe" -ServerName:App.wwa

"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe23_ Global\UsGthrCtrlFltPipeMssGthrPipe23 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 584 588 596 65536 592

======Scheduled tasks folder======

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2424316963-631298389-2926100737-1001Core.job - C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2424316963-631298389-2926100737-1001UA.job - C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20 917856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20 655200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-26 392336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20 917856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20 655200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24 2916152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote Mouse"=C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-02 363520]
"CLVirtualDrive"=C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-26 491320]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-28 91432]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-07-09 580512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2014-01-29 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2091-08-07 08:04:47 ----A---- C:\WINDOWS\system32\netcfg-80890.txt
2091-08-07 08:04:17 ----A---- C:\WINDOWS\system32\netcfg-50437.txt
2015-01-01 14:09:06 ----D---- C:\Program Files\trend micro
2015-01-01 14:09:05 ----D---- C:\rsit
2014-12-29 15:15:06 ----D---- C:\Program Files (x86)\Euro Truck Simulator 2
2014-12-18 22:37:09 ----A---- C:\WINDOWS\ntbtlog.txt
2014-12-11 14:04:55 ----D---- C:\WINDOWS\system32\appraiser
2014-12-11 10:18:42 ----A---- C:\WINDOWS\BlendSettings.ini
2014-12-11 09:06:55 ----A---- C:\WINDOWS\SYSWOW64\DeviceSetupStatusProvider.dll
2014-12-11 09:06:55 ----A---- C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 09:06:37 ----A---- C:\WINDOWS\system32\crypt32.dll
2014-12-11 09:06:36 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2014-12-11 08:19:46 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-12-11 08:19:43 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-12-11 08:19:34 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-12-11 08:19:32 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-12-11 08:19:30 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-12-11 08:19:29 ----A---- C:\WINDOWS\system32\wininet.dll
2014-12-11 08:19:28 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-12-11 08:19:28 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-12-11 08:19:28 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-12-11 08:19:27 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-12-11 08:19:27 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-12-11 08:19:26 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-12-11 08:19:24 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-12-11 08:19:24 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 08:19:21 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-12-11 08:19:19 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-12-11 08:19:19 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-12-11 08:19:19 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 08:19:18 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-12-11 08:19:18 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-12-11 08:19:18 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 08:19:17 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-12-11 08:19:16 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-12-11 08:19:16 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-12-11 08:19:16 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\system32\webcheck.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-12-11 08:19:14 ----A---- C:\WINDOWS\system32\jscript.dll
2014-12-11 08:19:14 ----A---- C:\WINDOWS\system32\inetcomm.dll
2014-12-11 08:19:13 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2014-12-11 08:19:13 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2014-12-11 08:17:19 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 08:17:18 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2014-12-11 08:14:30 ----A---- C:\WINDOWS\system32\appraiser.dll
2014-12-11 08:14:30 ----A---- C:\WINDOWS\system32\aepic.dll
2014-12-11 08:14:29 ----A---- C:\WINDOWS\system32\aeinv.dll
2014-12-11 08:14:28 ----A---- C:\WINDOWS\system32\invagent.dll
2014-12-11 08:14:28 ----A---- C:\WINDOWS\system32\generaltel.dll
2014-12-11 08:14:28 ----A---- C:\WINDOWS\system32\devinv.dll
2014-12-11 08:14:26 ----A---- C:\WINDOWS\system32\aepdu.dll
2014-12-11 08:14:22 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 08:14:21 ----A---- C:\WINDOWS\SYSWOW64\MrmCoreR.dll
2014-12-11 08:13:35 ----AC---- C:\WINDOWS\system32\drivers\sdbus.sys
2014-12-11 08:13:34 ----AC---- C:\WINDOWS\system32\drivers\intelpep.sys
2014-12-11 08:13:34 ----AC---- C:\WINDOWS\system32\drivers\dumpsd.sys
2014-12-11 08:13:34 ----A---- C:\WINDOWS\system32\drivers\pdc.sys
2014-12-11 08:13:19 ----A---- C:\WINDOWS\system32\poqexec.exe
2014-12-11 08:13:17 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2014-12-11 08:09:17 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_7.dll
2014-12-11 08:09:17 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_5.dll
2014-12-11 08:09:17 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2014-12-11 08:09:17 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2014-12-11 08:09:16 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_7.dll
2014-12-11 08:09:16 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2014-12-11 08:09:15 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_43.dll
2014-12-11 08:09:15 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2014-12-11 08:09:14 ----A---- C:\WINDOWS\SYSWOW64\d3dcsx_43.dll
2014-12-11 08:09:14 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2014-12-11 08:09:13 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_43.dll
2014-12-11 08:09:13 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_43.dll
2014-12-11 08:09:13 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2014-12-11 08:09:13 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2014-12-11 08:09:12 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_43.dll
2014-12-11 08:09:12 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2014-12-11 07:53:05 ----D---- C:\Steam
2014-12-10 20:48:55 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_6.dll
2014-12-10 20:48:55 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_4.dll
2014-12-10 20:48:55 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2014-12-10 20:48:55 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2014-12-10 20:48:53 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_6.dll
2014-12-10 20:48:53 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2014-12-10 20:48:51 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_7.dll
2014-12-10 20:48:51 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2014-12-10 20:48:45 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_5.dll
2014-12-10 20:48:45 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2014-12-10 20:48:41 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_5.dll
2014-12-10 20:48:41 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2014-12-10 20:48:39 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_42.dll
2014-12-10 20:48:39 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2014-12-10 20:48:29 ----A---- C:\WINDOWS\SYSWOW64\d3dcsx_42.dll
2014-12-10 20:48:29 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2014-12-10 20:48:24 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_42.dll
2014-12-10 20:48:24 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2014-12-10 20:48:14 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_42.dll
2014-12-10 20:48:14 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2014-12-10 20:48:11 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_42.dll
2014-12-10 20:48:11 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2014-12-10 20:48:08 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2014-12-10 20:48:08 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2014-12-10 20:48:04 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_41.dll
2014-12-10 20:48:04 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2014-12-10 20:47:59 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_4.dll
2014-12-10 20:47:59 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_3.dll
2014-12-10 20:47:59 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2014-12-10 20:47:59 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2014-12-10 20:47:57 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_4.dll
2014-12-10 20:47:57 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2014-12-10 20:47:56 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_6.dll
2014-12-10 20:47:56 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2014-12-10 20:47:54 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_40.dll
2014-12-10 20:47:54 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_40.dll
2014-12-10 20:47:54 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2014-12-10 20:47:54 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2014-12-10 20:47:52 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_40.dll
2014-12-10 20:47:52 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2014-12-10 20:47:48 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_3.dll
2014-12-10 20:47:48 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_2.dll
2014-12-10 20:47:48 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2014-12-10 20:47:48 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2014-12-10 20:47:45 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_3.dll
2014-12-10 20:47:45 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2014-12-10 20:47:42 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_5.dll
2014-12-10 20:47:42 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2014-12-10 20:47:39 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_2.dll
2014-12-10 20:47:39 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_1.dll
2014-12-10 20:47:39 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2014-12-10 20:47:39 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2014-12-10 20:47:37 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_2.dll
2014-12-10 20:47:37 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2014-12-10 20:47:35 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_39.dll
2014-12-10 20:47:35 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_39.dll
2014-12-10 20:47:35 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2014-12-10 20:47:35 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2014-12-10 20:47:34 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_39.dll
2014-12-10 20:47:34 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2014-12-10 20:47:31 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_1.dll
2014-12-10 20:47:31 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_0.dll
2014-12-10 20:47:31 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2014-12-10 20:47:31 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2014-12-10 20:47:28 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_1.dll
2014-12-10 20:47:28 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2014-12-10 20:47:25 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_4.dll
2014-12-10 20:47:25 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2014-12-10 20:47:19 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_38.dll
2014-12-10 20:47:19 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_38.dll
2014-12-10 20:47:19 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2014-12-10 20:47:19 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2014-12-10 20:47:14 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_38.dll
2014-12-10 20:47:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2014-12-10 20:47:11 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_0.dll
2014-12-10 20:47:11 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2014-12-10 20:47:10 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_0.dll
2014-12-10 20:47:10 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_3.dll
2014-12-10 20:47:10 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2014-12-10 20:47:10 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2014-12-10 20:47:08 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_37.dll
2014-12-10 20:47:08 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_37.dll
2014-12-10 20:47:08 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2014-12-10 20:47:08 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2014-12-10 20:47:06 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_37.dll
2014-12-10 20:47:06 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2014-12-10 20:47:04 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_10.dll
2014-12-10 20:47:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2014-12-10 20:46:55 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_36.dll
2014-12-10 20:46:55 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_36.dll
2014-12-10 20:46:55 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2014-12-10 20:46:55 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2014-12-10 20:46:52 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_36.dll
2014-12-10 20:46:52 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2014-12-10 20:46:50 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_9.dll
2014-12-10 20:46:50 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2014-12-10 20:46:49 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_35.dll
2014-12-10 20:46:49 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_35.dll
2014-12-10 20:46:49 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2014-12-10 20:46:49 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2014-12-10 20:46:47 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_35.dll
2014-12-10 20:46:47 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2014-12-10 20:46:45 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_8.dll
2014-12-10 20:46:45 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_2.dll
2014-12-10 20:46:45 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-12-10 20:46:45 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2014-12-10 20:46:44 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_34.dll
2014-12-10 20:46:44 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_34.dll
2014-12-10 20:46:44 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-12-10 20:46:44 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-12-10 20:46:40 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_34.dll
2014-12-10 20:46:40 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-12-10 20:46:33 ----A---- C:\WINDOWS\SYSWOW64\xinput1_3.dll
2014-12-10 20:46:33 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2014-12-10 20:46:28 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_7.dll
2014-12-10 20:46:28 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-12-10 20:46:27 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_33.dll
2014-12-10 20:46:27 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_33.dll
2014-12-10 20:46:27 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-12-10 20:46:27 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-12-10 20:46:25 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_33.dll
2014-12-10 20:46:25 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-12-10 20:46:20 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_6.dll
2014-12-10 20:46:20 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-12-10 20:46:16 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_5.dll
2014-12-10 20:46:16 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-12-10 20:46:14 ----A---- C:\WINDOWS\SYSWOW64\d3dx10.dll
2014-12-10 20:46:14 ----A---- C:\WINDOWS\system32\d3dx10.dll
2014-12-10 20:46:07 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_32.dll
2014-12-10 20:46:07 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2014-12-10 20:46:00 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_4.dll
2014-12-10 20:46:00 ----A---- C:\WINDOWS\SYSWOW64\x3daudio1_1.dll
2014-12-10 20:46:00 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-12-10 20:46:00 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-12-10 20:45:56 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_31.dll
2014-12-10 20:45:56 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2014-12-10 20:45:54 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_3.dll
2014-12-10 20:45:54 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2014-12-10 20:45:53 ----A---- C:\WINDOWS\SYSWOW64\xinput1_2.dll
2014-12-10 20:45:53 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2014-12-10 20:45:48 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_2.dll
2014-12-10 20:45:48 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2014-12-10 20:45:47 ----A---- C:\WINDOWS\SYSWOW64\xinput1_1.dll
2014-12-10 20:45:47 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2014-12-10 20:45:45 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_1.dll
2014-12-10 20:45:45 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2014-12-10 20:45:31 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_30.dll
2014-12-10 20:45:31 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2014-12-10 20:45:28 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_0.dll
2014-12-10 20:45:28 ----A---- C:\WINDOWS\SYSWOW64\x3daudio1_0.dll
2014-12-10 20:45:28 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2014-12-10 20:45:28 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2014-12-10 20:45:23 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_29.dll
2014-12-10 20:45:23 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2014-12-10 20:45:21 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_28.dll
2014-12-10 20:45:21 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2014-12-10 20:45:20 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_27.dll
2014-12-10 20:45:20 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2014-12-10 20:45:19 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_26.dll
2014-12-10 20:45:19 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2014-12-10 20:45:17 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_25.dll
2014-12-10 20:45:17 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2014-12-10 20:45:12 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_24.dll
2014-12-10 20:45:12 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2014-12-10 20:34:40 ----D---- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2014-12-07 16:40:16 ----D---- C:\NPE
2014-12-07 13:06:18 ----D---- C:\Users\HP\AppData\Roaming\Opera Software
2014-12-07 13:05:48 ----D---- C:\Program Files (x86)\Opera

======List of files/folders modified in the last 1 month======

2015-01-01 14:34:13 ----D---- C:\WINDOWS\Temp
2015-01-01 14:11:34 ----A---- C:\WINDOWS\SYSWOW64\bscs.ini
2015-01-01 14:09:22 ----D---- C:\WINDOWS\Prefetch
2015-01-01 14:09:06 ----RD---- C:\Program Files
2015-01-01 14:08:29 ----A---- C:\WINDOWS\SYSWOW64\LOCALSERVICE.INI
2015-01-01 14:08:28 ----A---- C:\WINDOWS\SYSWOW64\LOCALDEVICE.INI
2015-01-01 14:00:00 ----D---- C:\WINDOWS\system32\sru
2014-12-31 23:38:15 ----D---- C:\WINDOWS\Inf
2014-12-31 23:36:37 ----D---- C:\WINDOWS\Microsoft.NET
2014-12-31 17:20:20 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2014-12-31 17:17:16 ----SHD---- C:\System Volume Information
2014-12-31 15:31:03 ----D---- C:\WINDOWS\LiveKernelReports
2014-12-31 15:16:56 ----D---- C:\WINDOWS\system32\drivers
2014-12-31 14:57:47 ----D---- C:\Users\HP\AppData\Roaming\BitTorrent
2014-12-31 11:59:47 ----D---- C:\Program Files (x86)\Steam
2014-12-31 11:56:26 ----D---- C:\Program Files (x86)\Common Files
2014-12-30 01:16:46 ----D---- C:\WINDOWS\system32\Tasks
2014-12-29 23:06:56 ----D---- C:\WINDOWS\AppReadiness
2014-12-29 15:15:06 ----RD---- C:\Program Files (x86)
2014-12-28 11:30:45 ----RD---- C:\WINDOWS\System32
2014-12-28 11:30:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-21 23:35:02 ----D---- C:\WINDOWS\system32\config
2014-12-20 17:59:37 ----D---- C:\WINDOWS\rescache
2014-12-20 12:35:37 ----D---- C:\WINDOWS\WinSxS
2014-12-20 12:34:31 ----D---- C:\WINDOWS\system32\catroot2
2014-12-20 11:47:07 ----D---- C:\WINDOWS\CbsTemp
2014-12-18 22:48:29 ----HD---- C:\ProgramData
2014-12-18 22:48:10 ----D---- C:\Windows
2014-12-18 10:17:07 ----HD---- C:\Program Files\WindowsApps
2014-12-17 22:28:34 ----D---- C:\WINDOWS\system32\DriverStore
2014-12-12 08:06:35 ----D---- C:\WINDOWS\system32\catroot
2014-12-11 19:37:56 ----D---- C:\WINDOWS\SysWOW64
2014-12-11 14:04:56 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2014-12-11 14:04:56 ----D---- C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 14:04:56 ----D---- C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 14:04:56 ----D---- C:\WINDOWS\system32\cs-CZ
2014-12-11 14:04:55 ----SD---- C:\WINDOWS\system32\CompatTel
2014-12-11 14:04:55 ----SD---- C:\ProgramData\Microsoft
2014-12-11 14:04:50 ----D---- C:\WINDOWS\PolicyDefinitions
2014-12-11 14:04:50 ----D---- C:\Program Files\Internet Explorer
2014-12-11 14:04:50 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-11 10:53:40 ----SHD---- C:\WINDOWS\Installer
2014-12-11 10:53:33 ----D---- C:\ProgramData\Microsoft Help
2014-12-11 10:53:01 ----D---- C:\WINDOWS\system32\MRT
2014-12-11 10:42:07 ----A---- C:\WINDOWS\system32\MRT.exe
2014-12-11 08:25:32 ----D---- C:\Users\HP\AppData\Roaming\ESTsoft
2014-12-11 08:07:57 ----RSD---- C:\WINDOWS\assembly
2014-12-10 20:41:41 ----D---- C:\WINDOWS\Logs
2014-12-07 16:42:20 ----D---- C:\WINDOWS\system32\wdi
2014-12-07 16:37:19 ----D---- C:\ProgramData\Norton

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-08-01 645952]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SYMDS64.SYS [2014-08-26 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS [2014-08-26 1148120]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [2014-10-17 1587416]
R1 ccSet_N360;N360 Settings Manager; C:\WINDOWS\system32\drivers\N360x64\1506000.020\ccSetx64.sys [2014-02-21 162392]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 dtsoftbus01;@oem18.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2014-10-28 283064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-12-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141231.001\IDSvia64.sys [2014-11-18 637656]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [2014-08-26 876248]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [2014-08-26 37592]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360x64\1506000.020\Ironx64.SYS [2014-08-06 266968]
R1 SymNetS;Symantec Network Security WFP Driver; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [2014-08-26 593112]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 BtAudioBusSrv;@oem6.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-09-24 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2014-09-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-09-24 81920]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [2012-08-08 48736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-11 142640]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-01-29 5363200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2012-06-20 4065296]
R3 IntcDAud;@oem10.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-20 342528]
R3 MEIx64;@oem14.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-03 62784]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141231.020\ENG64.SYS [2014-08-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141231.020\EX64.SYS [2014-08-11 2137304]
R3 netr28x;@oem16.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2014-09-24 167424]
R3 rtbth;@oem17.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\WINDOWS\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2012-08-24 43832]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2014-10-21 177752]
R3 SynTP;@oem22.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2012-08-24 448312]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-09-24 1200640]
S3 RSP2STOR;@oem20.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2012-07-03 269968]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2012-08-24 41272]
S4 SymELAM;Symantec ELAM Driver; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SymELAM.sys [2014-08-26 23568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-02 1544192]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-08-10 85504]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-07-09 35232]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-07-14 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 276864]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [2014-09-21 265040]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-07-10 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 107912]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 107912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [2013-08-22 36992]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\WINDOWS\System32\drivers\bthhfenum.sys [2013-08-22 57856]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\WINDOWS\System32\drivers\BthHFHid.sys [2013-08-22 30720]

-----------------EOF-----------------

Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Re: Trojan.Gen.2

#7 Post by Lionetta »

So hopefully that's it :) thanks for the guide :)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Trojan.Gen.2

#8 Post by Márty84 »

That's it, nicely done :thumbsup:


:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Clean.
The program will start working (the PC may restart) and will produce a log (it will also be at C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Re: Trojan.Gen.2

#9 Post by Lionetta »

# AdwCleaner v4.106 - Report created 01/01/2015 at 19:06:44
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : HP - HP-HP
# Running from : C:\Users\HP\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
Folder Deleted : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.95


-\\ Opera v26.0.1656.60

[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe
[C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : aonedlchkbicmhepimiahfalheedjgbh

*************************

AdwCleaner[R0].txt - [3883 octets] - [01/01/2015 18:59:36]
AdwCleaner[S0].txt - [3509 octets] - [01/01/2015 19:06:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3569 octets] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Trojan.Gen.2

#10 Post by Márty84 »

:arrow: Run a scan with MBAM. Set the scan up according to this guide http://forum.viry.cz/viewtopic.php?f=29&t=137928 and post the results here. Don't delete anything beforehand, it sometimes has false detections.

Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Re: Trojan.Gen.2

#11 Post by Lionetta »

So I'm finally here (a trip to the mountains and the holidays with the family); I'm also sorry I didn't do it sooner, there was no opportunity :/
So here is the log:
Objects Scanned: 541535
Time Elapsed: 9 hr, 34 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Trojan.Gen.2

#12 Post by Márty84 »

Welcome home :)

Nothing to worry about, family always comes first, the computer can wait, that's the right way :wink:


:arrow: Uninstall MBAM.

:arrow: Now try to post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a while, it may block it as malicious, but we use it all the time, it's a false alarm :)

If that doesn't work for you, post a new log from RSITx64

Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Re: Trojan.Gen.2

#13 Post by Lionetta »

FRST doesn't work for me at all, I'll try asking my boyfriend tomorrow if he'll be at my place :)

Lionetta
Visitor
Posts: 17
Registered: 31 Dec 2014 16:22

Re: Trojan.Gen.2

#14 Post by Lionetta »

Here is RSIT just in case, and we'll try FRST tomorrow then :)
Logfile of random's system information tool 1.10 (written by random/random)
Run by HP at 2015-01-05 00:41:07
Microsoft Windows 8.1
System drive C: has 380 GB (82%) free of 461 GB
Total RAM: 3983 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:41:26, on 5. 1. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\HP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CPNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11596 bytes

======Listing Processes======





wininit.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
C:\WINDOWS\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll" /prefetch:1
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"

C:\WINDOWS\System32\WinLogon.exe -SpecialSession
-hiberboot
taskhostex.exe
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\WINDOWS\Explorer.EXE
"C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe" /c /a /s UserSession
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
taskhost.exe
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"
dashost.exe {c917ed76-e62a-4561-ab01df5b7d17708e}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5984.0.1648926373\352595761" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,17,38 --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=9.17.10.3347 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5984.3.1092175648\1763615384" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64" --type=nacl-broker --channel="5984.6.1214346821\1564638040" /prefetch:-875166825
C:\WINDOWS\system32\cmd.exe /c "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe" --parent-window=0 chrome-extension://mkfokfffehpeedafpekjeddnmnjhmcmk/ < \\.\pipe\chrome.nativeMessaging.in.e1b92c044025b100 > \\.\pipe\chrome.nativeMessaging.out.e1b92c044025b100
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe" --type=nacl-loader --channel="5984.5.1614414679\1444528785" --ignored=" --type=renderer " /prefetch:-1502398898
"C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe" --parent-window=0 chrome-extension://mkfokfffehpeedafpekjeddnmnjhmcmk/
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5984.170.1355188404\1466952371" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5984.173.622977197\1708157272" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/ControlBootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/OldAvatarMenu/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/DefaultSpdy31Enabled/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_10/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="5984.177.981434570\1616748004" /prefetch:673131151

"C:\Users\HP\Desktop\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2424316963-631298389-2926100737-1001Core.job - C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2424316963-631298389-2926100737-1001UA.job - C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20 917856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20 655200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-26 392336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll [2014-09-20 917856]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll [2014-09-20 655200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2012-06-12 6548112]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24 2916152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote Mouse"=C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-02 363520]
"CLVirtualDrive"=C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-26 491320]
"RemoteControl10"=C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-28 91432]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-07-09 580512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2014-01-29 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-18 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2091-08-07 08:04:47 ----A---- C:\WINDOWS\system32\netcfg-80890.txt
2091-08-07 08:04:17 ----A---- C:\WINDOWS\system32\netcfg-50437.txt
2015-01-04 02:38:31 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2015-01-04 02:37:04 ----D---- C:\ProgramData\Malwarebytes
2015-01-04 02:37:04 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 02:37:04 ----A---- C:\WINDOWS\system32\drivers\mwac.sys
2015-01-04 02:37:04 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2015-01-04 02:37:04 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2015-01-03 20:59:00 ----D---- C:\Users\HP\AppData\Roaming\Firefly Studios
2015-01-01 18:59:34 ----D---- C:\AdwCleaner
2015-01-01 14:09:06 ----D---- C:\Program Files\trend micro
2015-01-01 14:09:05 ----D---- C:\rsit
2014-12-29 15:15:06 ----D---- C:\Program Files (x86)\Euro Truck Simulator 2
2014-12-18 22:37:09 ----A---- C:\WINDOWS\ntbtlog.txt
2014-12-11 14:04:55 ----D---- C:\WINDOWS\system32\appraiser
2014-12-11 10:18:42 ----A---- C:\WINDOWS\BlendSettings.ini
2014-12-11 09:06:55 ----A---- C:\WINDOWS\SYSWOW64\DeviceSetupStatusProvider.dll
2014-12-11 09:06:55 ----A---- C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 09:06:37 ----A---- C:\WINDOWS\system32\crypt32.dll
2014-12-11 09:06:36 ----A---- C:\WINDOWS\SYSWOW64\crypt32.dll
2014-12-11 08:19:46 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-12-11 08:19:43 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2014-12-11 08:19:34 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-12-11 08:19:32 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2014-12-11 08:19:30 ----A---- C:\WINDOWS\system32\jscript9.dll
2014-12-11 08:19:29 ----A---- C:\WINDOWS\system32\wininet.dll
2014-12-11 08:19:28 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2014-12-11 08:19:28 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-12-11 08:19:28 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-12-11 08:19:27 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2014-12-11 08:19:27 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2014-12-11 08:19:26 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2014-12-11 08:19:24 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2014-12-11 08:19:24 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 08:19:21 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2014-12-11 08:19:19 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2014-12-11 08:19:19 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-12-11 08:19:19 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 08:19:18 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2014-12-11 08:19:18 ----A---- C:\WINDOWS\system32\vbscript.dll
2014-12-11 08:19:18 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 08:19:17 ----A---- C:\WINDOWS\system32\iepeers.dll
2014-12-11 08:19:16 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2014-12-11 08:19:16 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2014-12-11 08:19:16 ----A---- C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\SYSWOW64\MshtmlDac.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\system32\webcheck.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-12-11 08:19:15 ----A---- C:\WINDOWS\system32\dxtrans.dll
2014-12-11 08:19:14 ----A---- C:\WINDOWS\system32\jscript.dll
2014-12-11 08:19:14 ----A---- C:\WINDOWS\system32\inetcomm.dll
2014-12-11 08:19:13 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2014-12-11 08:19:13 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2014-12-11 08:17:19 ----A---- C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 08:17:18 ----A---- C:\WINDOWS\SYSWOW64\WindowsCodecs.dll
2014-12-11 08:14:30 ----A---- C:\WINDOWS\system32\appraiser.dll
2014-12-11 08:14:30 ----A---- C:\WINDOWS\system32\aepic.dll
2014-12-11 08:14:29 ----A---- C:\WINDOWS\system32\aeinv.dll
2014-12-11 08:14:28 ----A---- C:\WINDOWS\system32\invagent.dll
2014-12-11 08:14:28 ----A---- C:\WINDOWS\system32\generaltel.dll
2014-12-11 08:14:28 ----A---- C:\WINDOWS\system32\devinv.dll
2014-12-11 08:14:26 ----A---- C:\WINDOWS\system32\aepdu.dll
2014-12-11 08:14:22 ----A---- C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 08:14:21 ----A---- C:\WINDOWS\SYSWOW64\MrmCoreR.dll
2014-12-11 08:13:35 ----AC---- C:\WINDOWS\system32\drivers\sdbus.sys
2014-12-11 08:13:34 ----AC---- C:\WINDOWS\system32\drivers\intelpep.sys
2014-12-11 08:13:34 ----AC---- C:\WINDOWS\system32\drivers\dumpsd.sys
2014-12-11 08:13:34 ----A---- C:\WINDOWS\system32\drivers\pdc.sys
2014-12-11 08:13:19 ----A---- C:\WINDOWS\system32\poqexec.exe
2014-12-11 08:13:17 ----A---- C:\WINDOWS\SYSWOW64\poqexec.exe
2014-12-11 08:09:17 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_7.dll
2014-12-11 08:09:17 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_5.dll
2014-12-11 08:09:17 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2014-12-11 08:09:17 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2014-12-11 08:09:16 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_7.dll
2014-12-11 08:09:16 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2014-12-11 08:09:15 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_43.dll
2014-12-11 08:09:15 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2014-12-11 08:09:14 ----A---- C:\WINDOWS\SYSWOW64\d3dcsx_43.dll
2014-12-11 08:09:14 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2014-12-11 08:09:13 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_43.dll
2014-12-11 08:09:13 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_43.dll
2014-12-11 08:09:13 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2014-12-11 08:09:13 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2014-12-11 08:09:12 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_43.dll
2014-12-11 08:09:12 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2014-12-11 07:53:05 ----D---- C:\Steam
2014-12-10 20:48:55 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_6.dll
2014-12-10 20:48:55 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_4.dll
2014-12-10 20:48:55 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2014-12-10 20:48:55 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2014-12-10 20:48:53 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_6.dll
2014-12-10 20:48:53 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2014-12-10 20:48:51 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_7.dll
2014-12-10 20:48:51 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2014-12-10 20:48:45 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_5.dll
2014-12-10 20:48:45 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2014-12-10 20:48:41 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_5.dll
2014-12-10 20:48:41 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2014-12-10 20:48:39 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_42.dll
2014-12-10 20:48:39 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2014-12-10 20:48:29 ----A---- C:\WINDOWS\SYSWOW64\d3dcsx_42.dll
2014-12-10 20:48:29 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2014-12-10 20:48:24 ----A---- C:\WINDOWS\SYSWOW64\d3dx11_42.dll
2014-12-10 20:48:24 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2014-12-10 20:48:14 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_42.dll
2014-12-10 20:48:14 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2014-12-10 20:48:11 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_42.dll
2014-12-10 20:48:11 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2014-12-10 20:48:08 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2014-12-10 20:48:08 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2014-12-10 20:48:04 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_41.dll
2014-12-10 20:48:04 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2014-12-10 20:47:59 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_4.dll
2014-12-10 20:47:59 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_3.dll
2014-12-10 20:47:59 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2014-12-10 20:47:59 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2014-12-10 20:47:57 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_4.dll
2014-12-10 20:47:57 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2014-12-10 20:47:56 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_6.dll
2014-12-10 20:47:56 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2014-12-10 20:47:54 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_40.dll
2014-12-10 20:47:54 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_40.dll
2014-12-10 20:47:54 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2014-12-10 20:47:54 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2014-12-10 20:47:52 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_40.dll
2014-12-10 20:47:52 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2014-12-10 20:47:48 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_3.dll
2014-12-10 20:47:48 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_2.dll
2014-12-10 20:47:48 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2014-12-10 20:47:48 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2014-12-10 20:47:45 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_3.dll
2014-12-10 20:47:45 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2014-12-10 20:47:42 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_5.dll
2014-12-10 20:47:42 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2014-12-10 20:47:39 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_2.dll
2014-12-10 20:47:39 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_1.dll
2014-12-10 20:47:39 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2014-12-10 20:47:39 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2014-12-10 20:47:37 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_2.dll
2014-12-10 20:47:37 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2014-12-10 20:47:35 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_39.dll
2014-12-10 20:47:35 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_39.dll
2014-12-10 20:47:35 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2014-12-10 20:47:35 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2014-12-10 20:47:34 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_39.dll
2014-12-10 20:47:34 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2014-12-10 20:47:31 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_1.dll
2014-12-10 20:47:31 ----A---- C:\WINDOWS\SYSWOW64\XAPOFX1_0.dll
2014-12-10 20:47:31 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2014-12-10 20:47:31 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2014-12-10 20:47:28 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_1.dll
2014-12-10 20:47:28 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2014-12-10 20:47:25 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_4.dll
2014-12-10 20:47:25 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2014-12-10 20:47:19 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_38.dll
2014-12-10 20:47:19 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_38.dll
2014-12-10 20:47:19 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2014-12-10 20:47:19 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2014-12-10 20:47:14 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_38.dll
2014-12-10 20:47:14 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2014-12-10 20:47:11 ----A---- C:\WINDOWS\SYSWOW64\XAudio2_0.dll
2014-12-10 20:47:11 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2014-12-10 20:47:10 ----A---- C:\WINDOWS\SYSWOW64\xactengine3_0.dll
2014-12-10 20:47:10 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_3.dll
2014-12-10 20:47:10 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2014-12-10 20:47:10 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2014-12-10 20:47:08 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_37.dll
2014-12-10 20:47:08 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_37.dll
2014-12-10 20:47:08 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2014-12-10 20:47:08 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2014-12-10 20:47:06 ----A---- C:\WINDOWS\SYSWOW64\D3DX9_37.dll
2014-12-10 20:47:06 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2014-12-10 20:47:04 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_10.dll
2014-12-10 20:47:04 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2014-12-10 20:46:55 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_36.dll
2014-12-10 20:46:55 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_36.dll
2014-12-10 20:46:55 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2014-12-10 20:46:55 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2014-12-10 20:46:52 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_36.dll
2014-12-10 20:46:52 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2014-12-10 20:46:50 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_9.dll
2014-12-10 20:46:50 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2014-12-10 20:46:49 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_35.dll
2014-12-10 20:46:49 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_35.dll
2014-12-10 20:46:49 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2014-12-10 20:46:49 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2014-12-10 20:46:47 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_35.dll
2014-12-10 20:46:47 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2014-12-10 20:46:45 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_8.dll
2014-12-10 20:46:45 ----A---- C:\WINDOWS\SYSWOW64\X3DAudio1_2.dll
2014-12-10 20:46:45 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2014-12-10 20:46:45 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2014-12-10 20:46:44 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_34.dll
2014-12-10 20:46:44 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_34.dll
2014-12-10 20:46:44 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2014-12-10 20:46:44 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2014-12-10 20:46:40 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_34.dll
2014-12-10 20:46:40 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2014-12-10 20:46:33 ----A---- C:\WINDOWS\SYSWOW64\xinput1_3.dll
2014-12-10 20:46:33 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2014-12-10 20:46:28 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_7.dll
2014-12-10 20:46:28 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2014-12-10 20:46:27 ----A---- C:\WINDOWS\SYSWOW64\d3dx10_33.dll
2014-12-10 20:46:27 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_33.dll
2014-12-10 20:46:27 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2014-12-10 20:46:27 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2014-12-10 20:46:25 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_33.dll
2014-12-10 20:46:25 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2014-12-10 20:46:20 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_6.dll
2014-12-10 20:46:20 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2014-12-10 20:46:16 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_5.dll
2014-12-10 20:46:16 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2014-12-10 20:46:14 ----A---- C:\WINDOWS\SYSWOW64\d3dx10.dll
2014-12-10 20:46:14 ----A---- C:\WINDOWS\system32\d3dx10.dll
2014-12-10 20:46:07 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_32.dll
2014-12-10 20:46:07 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2014-12-10 20:46:00 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_4.dll
2014-12-10 20:46:00 ----A---- C:\WINDOWS\SYSWOW64\x3daudio1_1.dll
2014-12-10 20:46:00 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2014-12-10 20:46:00 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2014-12-10 20:45:56 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_31.dll
2014-12-10 20:45:56 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2014-12-10 20:45:54 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_3.dll
2014-12-10 20:45:54 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2014-12-10 20:45:53 ----A---- C:\WINDOWS\SYSWOW64\xinput1_2.dll
2014-12-10 20:45:53 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2014-12-10 20:45:48 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_2.dll
2014-12-10 20:45:48 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2014-12-10 20:45:47 ----A---- C:\WINDOWS\SYSWOW64\xinput1_1.dll
2014-12-10 20:45:47 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2014-12-10 20:45:45 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_1.dll
2014-12-10 20:45:45 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2014-12-10 20:45:31 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_30.dll
2014-12-10 20:45:31 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2014-12-10 20:45:28 ----A---- C:\WINDOWS\SYSWOW64\xactengine2_0.dll
2014-12-10 20:45:28 ----A---- C:\WINDOWS\SYSWOW64\x3daudio1_0.dll
2014-12-10 20:45:28 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2014-12-10 20:45:28 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2014-12-10 20:45:23 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_29.dll
2014-12-10 20:45:23 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2014-12-10 20:45:21 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_28.dll
2014-12-10 20:45:21 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2014-12-10 20:45:20 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_27.dll
2014-12-10 20:45:20 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2014-12-10 20:45:19 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_26.dll
2014-12-10 20:45:19 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2014-12-10 20:45:17 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_25.dll
2014-12-10 20:45:17 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2014-12-10 20:45:12 ----A---- C:\WINDOWS\SYSWOW64\d3dx9_24.dll
2014-12-10 20:45:12 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2014-12-10 20:34:40 ----D---- C:\Program Files (x86)\The Elder Scrolls V Skyrim
2014-12-07 16:40:16 ----D---- C:\NPE
2014-12-07 13:06:18 ----D---- C:\Users\HP\AppData\Roaming\Opera Software
2014-12-07 13:05:48 ----D---- C:\Program Files (x86)\Opera

======List of files/folders modified in the last 1 month======

2015-01-05 00:04:00 ----D---- C:\WINDOWS\Temp
2015-01-05 00:02:00 ----D---- C:\WINDOWS\system32\sru
2015-01-04 20:38:39 ----A---- C:\WINDOWS\SYSWOW64\LOCALSERVICE.INI
2015-01-04 16:21:20 ----D---- C:\WINDOWS\Prefetch
2015-01-04 11:18:42 ----A---- C:\WINDOWS\SYSWOW64\bscs.ini
2015-01-04 11:15:34 ----A---- C:\WINDOWS\SYSWOW64\LOCALDEVICE.INI
2015-01-04 02:38:31 ----D---- C:\WINDOWS\system32\drivers
2015-01-04 02:37:04 ----RD---- C:\Program Files (x86)
2015-01-04 02:37:04 ----HD---- C:\ProgramData
2015-01-04 00:42:58 ----D---- C:\Program Files (x86)\Steam
2015-01-03 23:48:03 ----D---- C:\WINDOWS\Microsoft.NET
2015-01-03 20:58:30 ----SD---- C:\Users\HP\AppData\Roaming\Microsoft
2015-01-02 23:06:39 ----D---- C:\WINDOWS\AppReadiness
2015-01-01 19:12:09 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2015-01-01 19:09:09 ----SHD---- C:\System Volume Information
2015-01-01 14:09:06 ----RD---- C:\Program Files
2014-12-31 23:38:15 ----D---- C:\WINDOWS\Inf
2014-12-31 15:31:03 ----D---- C:\WINDOWS\LiveKernelReports
2014-12-31 14:57:47 ----D---- C:\Users\HP\AppData\Roaming\BitTorrent
2014-12-31 11:56:26 ----D---- C:\Program Files (x86)\Common Files
2014-12-30 01:16:46 ----D---- C:\WINDOWS\system32\Tasks
2014-12-28 11:30:45 ----RD---- C:\WINDOWS\System32
2014-12-28 11:30:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-21 23:35:02 ----D---- C:\WINDOWS\system32\config
2014-12-20 17:59:37 ----D---- C:\WINDOWS\rescache
2014-12-20 12:35:37 ----D---- C:\WINDOWS\WinSxS
2014-12-20 12:34:31 ----D---- C:\WINDOWS\system32\catroot2
2014-12-20 11:47:07 ----D---- C:\WINDOWS\CbsTemp
2014-12-18 22:48:10 ----D---- C:\Windows
2014-12-18 10:17:07 ----HD---- C:\Program Files\WindowsApps
2014-12-17 22:28:34 ----D---- C:\WINDOWS\system32\DriverStore
2014-12-12 08:06:35 ----D---- C:\WINDOWS\system32\catroot
2014-12-11 19:37:56 ----D---- C:\WINDOWS\SysWOW64
2014-12-11 14:04:56 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2014-12-11 14:04:56 ----D---- C:\WINDOWS\system32\sr-Latn-RS
2014-12-11 14:04:56 ----D---- C:\WINDOWS\system32\sr-Latn-CS
2014-12-11 14:04:56 ----D---- C:\WINDOWS\system32\cs-CZ
2014-12-11 14:04:55 ----SD---- C:\WINDOWS\system32\CompatTel
2014-12-11 14:04:55 ----SD---- C:\ProgramData\Microsoft
2014-12-11 14:04:50 ----D---- C:\WINDOWS\PolicyDefinitions
2014-12-11 14:04:50 ----D---- C:\Program Files\Internet Explorer
2014-12-11 14:04:50 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-11 10:53:40 ----SHD---- C:\WINDOWS\Installer
2014-12-11 10:53:33 ----D---- C:\ProgramData\Microsoft Help
2014-12-11 10:53:01 ----D---- C:\WINDOWS\system32\MRT
2014-12-11 10:42:07 ----A---- C:\WINDOWS\system32\MRT.exe
2014-12-11 08:25:32 ----D---- C:\Users\HP\AppData\Roaming\ESTsoft
2014-12-11 08:07:57 ----RSD---- C:\WINDOWS\assembly
2014-12-10 20:41:41 ----D---- C:\WINDOWS\Logs
2014-12-07 16:42:20 ----D---- C:\WINDOWS\system32\wdi
2014-12-07 16:37:19 ----D---- C:\ProgramData\Norton

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-08-01 645952]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SYMDS64.SYS [2014-08-26 493656]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS [2014-08-26 1148120]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [2014-10-17 1587416]
R1 ccSet_N360;N360 Settings Manager; C:\WINDOWS\system32\drivers\N360x64\1506000.020\ccSetx64.sys [2014-02-21 162392]
R1 CLVirtualDrive;CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 dtsoftbus01;@oem18.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [2014-10-28 283064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-12-11 487216]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20150102.001\IDSvia64.sys [2014-11-18 637656]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [2014-08-26 876248]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [2014-08-26 37592]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360x64\1506000.020\Ironx64.SYS [2014-08-06 266968]
R1 SymNetS;Symantec Network Security WFP Driver; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [2014-08-26 593112]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R3 BtAudioBusSrv;@oem6.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2013-08-22 53248]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\WINDOWS\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys [2014-09-24 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2014-09-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2014-09-24 81920]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\WINDOWS\System32\Drivers\IvtUrbBtFlt.sys [2012-08-08 48736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-12-11 142640]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2014-01-29 5363200]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2012-06-20 4065296]
R3 IntcDAud;@oem10.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [2012-06-20 342528]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2015-01-05 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\WINDOWS\system32\drivers\mwac.sys [2014-11-21 64216]
R3 MEIx64;@oem14.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-03 62784]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150103.001\ENG64.SYS [2014-08-11 129752]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20150103.001\EX64.SYS [2014-08-11 2137304]
R3 netr28x;@oem16.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2014-09-24 167424]
R3 rtbth;@oem17.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\WINDOWS\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@netrt630x64.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\WINDOWS\system32\DRIVERS\Rt630x64.sys [2013-06-18 591360]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2012-08-24 43832]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2014-10-21 177752]
R3 SynTP;@oem22.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2012-08-24 448312]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2014-09-24 1200640]
S3 RSP2STOR;@oem20.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [2012-07-03 269968]
S3 SmbDrv;SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2012-08-24 41272]
S4 SymELAM;Symantec ELAM Driver; C:\WINDOWS\system32\drivers\N360x64\1506000.020\SymELAM.sys [2014-08-26 23568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-08-10 85504]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-07-09 35232]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-07-14 2451456]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-18 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-18 276864]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [2014-09-21 265040]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-18 364416]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-07-10 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-08-10 1001376]
S2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-02 1544192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 107912]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2014-01-29 279000]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 107912]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-18 50942144]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]
S3 w3logsvc;@%windir%\system32\inetsrv\iisres.dll,-30014; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\WINDOWS\system32\svchost.exe [2013-08-22 37768]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [2013-08-22 36992]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\WINDOWS\System32\drivers\bthhfenum.sys [2013-08-22 57856]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\WINDOWS\System32\drivers\BthHFHid.sys [2013-08-22 30720]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Trojan.Gen.2

#15 Post by Márty84 »

If FRST does not work out, post the OTL logs as well and we will clean up the rest :)


:arrow: Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and choose Run as administrator.
Tick the boxes Scan All Users, LOP Check and Purity Check.
Paste the following text into the bottom window

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan.
After the scan two logs are created (OTL.Txt and Extras.txt); post both of them here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum: https://platba.viry.cz/payment/

For lack of time I will be on the forum less often now. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
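For readers who want to see what the OTL custom scan above is actually looking for, here is an added example that is not part of Márty84's post and not OTL's own code: a read-only PowerShell triage that performs the main checks the script encodes (integrity of the critical system files in the /md5start list, the Winlogon and wuauserv/BITS registry values, the Run keys, the MBR hash, and the *crack*/*keygen* file search). It assumes an elevated PowerShell 4.0 or later on the x64 Windows seen in the log, that disk 0 is the boot disk, and the standard %SystemRoot%\System32 layout; the file list is a subset of the OTL list and the function names are mine.

```powershell
# Added example, not from the original post or from OTL. Read-only; changes nothing.
# Assumes: elevated PowerShell 4.0+, x64 Windows, disk 0 is the boot disk.
$Win = $env:SystemRoot
$Sys = Join-Path $Win 'System32'

function Test-CriticalFiles {
    # Subset of the files the OTL /md5start block hashes. Instead of comparing
    # MD5s by eye, verify the Authenticode signature: a patched copy reports
    # HashMismatch, a replaced one NotSigned. The MD5 is printed as well so it
    # can be matched against the OTL log. On Windows 7 catalog-signed OS files
    # show NotSigned; there, compare the MD5 against a clean copy of the same build.
    $names = 'drivers\atapi.sys','drivers\cdrom.sys','drivers\ndis.sys','drivers\tcpip.sys',
             'explorer.exe','lsass.exe','smss.exe','svchost.exe','userinit.exe',
             'winlogon.exe','ws2_32.dll','cryptsvc.dll','netlogon.dll','scecli.dll','eventlog.dll'
    foreach ($n in $names) {
        $p = Join-Path $Sys $n
        if (-not (Test-Path $p)) { $p = Join-Path $Win $n }   # explorer.exe lives in %SystemRoot%
        if (-not (Test-Path $p)) { "MISSING   $n"; continue }
        $status = (Get-AuthenticodeSignature -FilePath $p).Status
        $md5    = (Get-FileHash -Path $p -Algorithm MD5).Hash
        '{0,-12} {1} {2}' -f $status, $md5, $p
    }
}

function Test-Winlogon {
    # The OTL script queries GinaDLL. GINA is an XP-era hook and is ignored on
    # Vista and later, but any value there is a leftover worth noting. Userinit
    # and Shell are the live equivalents and have fixed expected values.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ($wl.PSObject.Properties['GinaDLL'])    { "SUSPECT   Winlogon GinaDLL = $($wl.GinaDLL)" }
    if ($wl.Userinit -ne "$Sys\userinit.exe,") { "SUSPECT   Winlogon Userinit = $($wl.Userinit)" }
    if ($wl.Shell -ne 'explorer.exe')          { "SUSPECT   Winlogon Shell = $($wl.Shell)" }
}

function Test-SvchostServices {
    # wuauserv and BITS run inside svchost.exe; their real code is the DLL named
    # in Parameters\ServiceDll. Both the ImagePath the OTL script queries and the
    # ServiceDll must point into System32; a DLL elsewhere means a hijacked service.
    foreach ($svc in 'wuauserv','BITS') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $img = (Get-ItemProperty $key).ImagePath                # REG_EXPAND_SZ, expanded by the provider
        $dll = (Get-ItemProperty "$key\Parameters").ServiceDll
        $ok  = ($img -match '\\svchost\.exe\s+-k\s+netsvcs') -and ($dll -like "$Sys\*")
        $tag = if ($ok) { 'OK' } else { 'SUSPECT' }
        '{0,-9} {1,-8} ImagePath={2}  ServiceDll={3}' -f $tag, $svc, $img, $dll
    }
}

function Get-RunEntries {
    # The HKCU Run key from the script, plus the HKLM keys in both registry views.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-Item $k
        foreach ($v in $item.GetValueNames()) {
            'RUN       {0}\{1} = {2}' -f $k, $v, $item.GetValue($v)
        }
    }
}

function Get-MbrBootCodeHash {
    # Equivalent of OTL's PhysicalMBR.bin /md5: read sector 0 of disk 0 and hash
    # only the 440 bytes of boot code, so the hash is comparable between machines
    # (the disk signature and partition table that follow differ per disk).
    # A bootkit that hooks disk I/O can still hand a clean sector to this read.
    $fs  = New-Object System.IO.FileStream -ArgumentList '\\.\PhysicalDrive0','Open','Read','ReadWrite',512
    $mbr = New-Object byte[] 512
    try { $null = $fs.Read($mbr, 0, 512) } finally { $fs.Close() }
    $md5   = [System.Security.Cryptography.MD5]::Create()
    $hash  = ($md5.ComputeHash($mbr, 0, 440) | ForEach-Object { $_.ToString('x2') }) -join ''
    $sigOk = ($mbr[510] -eq 0x55) -and ($mbr[511] -eq 0xAA)
    "MBR       bootcode md5=$hash  boot signature 55AA present=$sigOk"
}

function Find-CrackFiles {
    # The *crack* / *keygen* / ... /s lines at the end of the OTL script. Not
    # malware by themselves, but cracked installers and activators are the usual
    # way such an infection arrives, so they are listed for the helper to judge.
    # Full-disk recursion; this takes a while.
    $patterns = '*crack*','*keygen*','*AntiWPA*','*loader*','*minodlogin*',
                '*tnod*','*AutoKMS*','*activator*','*serial*','*w7lxe*'
    Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -File -Include $patterns -ErrorAction SilentlyContinue |
        ForEach-Object { 'FILE      {0}  {1,10} bytes  {2:yyyy-MM-dd}' -f $_.FullName, $_.Length, $_.LastWriteTime }
}

Test-CriticalFiles
Test-Winlogon
Test-SvchostServices
Get-RunEntries
Get-MbrBootCodeHash
Find-CrackFiles
```

Everything above is read from the running system, so an active kernel rootkit can lie to every one of these reads, including the signature check; that is exactly why the OTL script also hashes the raw MBR and asks for locked files, and why the usual next step after a patched driver shows up is a scan from outside the infected Windows.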

Locked